DISA STIG for Red Hat Enterprise Linux 9

Ansible Role for DISA STIG for Red Hat Enterprise Linux 9

Profile Description:

This profile includes configuration checks that follow the DISA STIG (Security Technical Implementation Guide) for Red Hat Enterprise Linux 9 V1R2. It is suitable not only for Red Hat Enterprise Linux 9 but also for other Red Hat technologies based on it, such as:

• Red Hat Enterprise Linux Server
• Red Hat Enterprise Linux Workstation and Desktop
• Red Hat Enterprise Linux for HPC
• Red Hat Storage
• Red Hat Containers using a Red Hat Enterprise Linux 9 image

The tasks in this role are created using OpenSCAP. For more information about how the Ansible playbook is generated, visit OpenSCAP.

If you want to submit a fix or suggest an improvement for an Ansible task that is not working or is missing, refer to the ComplianceAsCode project at ComplianceAsCode.

Requirements

• Ansible version 2.9 or higher

Role Variables

To make the role fit your needs, check the list of variables.

Dependencies

• None

Example Role Usage

To download and install the role, run:

ansible-galaxy install RedHatOfficial.rhel9_stig

Then, you can use the following snippet in your playbook to run the Ansible role:

- hosts: all
  roles:
    - { role: RedHatOfficial.rhel9_stig }

Next, test the playbook locally with:

ansible-playbook -i "localhost," -c local --check playbook.yml

To apply the changes (this might change your local machine's settings!), run:

ansible-playbook -i "localhost," -c local playbook.yml

License

• BSD-3-Clause

Author Information

This Ansible remediation role is based on security policies created by the ComplianceAsCode project. For a current list of authors and contributors, visit this link.