Marcus Burghardt
Could you resolve the conflict, please?
Some changes are necessary in this PR to not break Ubuntu. Ideally, a separate Ansible remediation for Ubuntu should be created in alignment with `ubuntu.sh`. I just noticed that the...
> I haven't reproduced this in a RHEL 8.8 VM. The rule is `pass` after the remediation and the nftables service is masked after the remediation. The rule is templated...
> Sanity/machine-hardening test is one of those where it fails. If you want, I can fairly quickly get you a machine where the test was run and the rule fails....
> I wasn't able to reproduce this. You can ping me off-list to get some details about my machines. I'm honestly giving up. Thanks for the efforts @jan-cerny. You...
> @marcusburghardt On reserved machine `service_nftables_disabled` passes by default. There, I did `service_nftables_disabled` check after every CIS Level 2 rule remediation. And it starts failing right after `service_firewalld_enabled`. So that's...
> I can reproduce the situation that @marcusburghardt described, i.e. the situation that `oscap` can't read the state of the nftables service. > > I have found that reason is...
> The result is that `systemctl daemon-reload` doesn't change anything. After executing it, the `systemctl list-units --all | grep nftables` still returns nothing. Also the output of other commands is...
@mildas and @jan-cerny, would you agree to move this issue to the scanner and waive this rule on content side?
> @marcusburghardt This doesn't seem to be an issue on the content side. However, I'm not sure if it's an issue in the scanner. I don't know where the issue...