I'm looking for insights on how to ensure our RHEL systems remain compliant with STIG requirements every quarter. It can be quite a challenge to keep everything updated and avoid any compliance creep. Currently, we rely on prebaked config files, but I'm curious if there's a more effective way to manage this.
2 Answers
Automating the process with Ansible seems like the go-to solution for a lot of people. It’s efficient and can save you from those manual headaches.
Yeah, Ansible is definitely a solid choice. I've also been using a specific collection for STIG compliance. Check out the Red Hat official GitHub repo for the RHEL8 STIG role, and the CIS benchmarks from Ansible Lockdown for RHEL9. Just make sure to customize settings to avoid any conflicts with your system's specific needs!
I’ve never heard of the CIS benchmarks! I’ll have to look into that, sounds useful.