Bug 2224448

Summary: [DDF] If you use "--profile" it will create a playbook based on the profile, not the results scan. This is a corrected
Product: Red Hat Enterprise Linux 8 Reporter: Direct Docs Feedback <ddf-bot>
Component: DocumentationAssignee: Jan Fiala <jafiala>
Documentation sub component: DDF QA Contact:
Status: CLOSED COMPLETED Docs Contact:
Severity: unspecified    
Priority: high CC: jafiala, jcerny, radrao, rhel-docs
Version: 8.0Keywords: Documentation
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-07-25 16:06:46 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Direct Docs Feedback 2023-07-20 21:00:59 UTC 
If you use "--profile" it will create a playbook based on the profile, not the results scan. This is a corrected example:

oscap xccdf generate fix --fix-type ansible --result-id
"" --output hipaa-remediations.yml hipaa-results.xml

Took me like, 2 hours to find this answer. Here's the blog post that helped me. http://redhatgov.io/workshops/rhel_8/exercise1.7/

Try it yourself. The profile ansible playbook will have:
# This Ansible Playbook is generated from an OpenSCAP profile without preliminary evaluation.
# It attempts to fix every selected rule, even if the system is already compliant.
at the top.

Reported by: xhk416x

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#annotations:fb7b6d6a-51e9-4aad-8c23-036fcd798ce4
Comment 1 radrao 2023-07-21 09:27:36 UTC 
Annotation: Chapter 8. Scanning the system for configuration compliance and vulnerabilities of the "Security Hardening" title
Comment 6 Jan Fiala 2023-07-25 15:32:24 UTC 
Thanks a lot for reporting this! I discussed this with the Compliance SMEs and updated both RHEL 8 and RHEL 9 documentation. The changes should be visible here in a few hours:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#creating-a-remediation-ansible-playbook-to-align-the-system-with-a-specific-baseline_scanning-the-system-for-configuration-compliance-and-vulnerabilities

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#creating-a-remediation-ansible-playbook-to-align-the-system-with-a-specific-baseline_scanning-the-system-for-configuration-compliance-and-vulnerabilities