Remediating RHEL-09-431016
I get a lot of questions about how to remediate RHEL-09-431016. People report issues like sudo or SSH no longer working afterwards. I was discussing this with my partner in crime, and we ultimately came to the conclusion that unless you really know the RHEL product or you were intimately familiar with the RHEL 7 STIG you would never know that there are a couple of missing links in the process for making RHEL-09-431016 work properly. We had to learn these things the hard way by watching test systems brick over the years, so keep in mind these are lessons we learned back with RHEL 7 and carried forward because not only would we have consistent baselines between generations, but we genuinely believed that the STIG would eventually catch up because these controls are necessary in the context of RHEL-09-431016. You'll see some of that reflected in the Ansible task naming included in this post where we carried forward two critical controls that enable RHEL-09-431016 to function without bricking the system.