Description of problem: Currently the OpenSCAP profile is activated by OVEHOSTED_VM/applyOpenScapProfile=bool:True. This does not allow to specify which profile will be used. It would be beneficial if the profile variable accepted profile name e.g. xccdf_org.ssgproject.content_profile_stig.
We should also be able to support PCI-DSS security profile: xccdf_org.ssgproject.content_profile_pci-dss
*** Bug 2068318 has been marked as a duplicate of this bug. ***
Verified in ovirt-ansible-collection-2.0.3-1.el8ev.noarch ovirt-hosted-engine-setup-2.6.3-1.el8ev.noarch Deploy questions were changed and now it is possible to choose from two profiles: Do you want to apply an OpenSCAP security profile? (Yes, No) [No]: yes Please provide the security profile you would like to use (stig, pci-dss) [stig]: stig
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Low: RHV RHEL Host (ovirt-host) [ovirt-4.5.0] security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:4764