Milan Lysonek

Sanity/machine-hardening test is one of those where it fails. If you want, I can fairly quickly get you a machine where the test was run and the rule fails. The...

@marcusburghardt On reserved machine `service_nftables_disabled` passes by default. There, I did `service_nftables_disabled` check after every CIS Level 2 rule remediation. And it starts failing right after `service_firewalld_enabled`. So that's the...

> Do you have any idea on why the nftables.service state is not detected during the first scan? I haven't found anything obvious, services doesn't reveal anything, and oscap devel...

Sure, I will update waivers. I suggest contacting someone from systemd if the could briefly check it. That could save us time. There's still some time before next RHEL release,...

Could you create BZ either to openscap or dbus and close this issue? @evgenyz or @marcusburghardt

Are we touching permissions of shared libraries? But it's strange it's not 100% reproducible - as `/CoreOS/scap-security-guide/Sanity/ansible-machine-hardening STIG` ran twice, in one run it failed but in the other one...

All test scenarios for this rule pass on latest RHEL8. Moreover, 8.6 EUS ends in few weeks and no SSG updates there anymore. Thus, closing this issue.

All test scenarios for this rule pass on latest RHEL8. Moreover, 8.6 EUS ends in few weeks and no SSG updates there anymore. Thus, closing this issue.

@marcusburghardt It isn't. Sorry, I forgot this PR is still open

Looking at the DISA check, it ignores other configurations and the problem is on their side. What do you think, @marcusburghardt ?