7.4. Remediating the system to align with a specific baseline
Use this procedure to remediate the RHEL system to align with a specific baseline. This example uses the Health Insurance Portability and Accountability Act (HIPAA) profile.
If not used carefully, running the system evaluation with the Remediate option enabled might render the system non-functional. Red Hat does not provide any automated method to revert changes made by security-hardening remediations. Remediations are supported on RHEL systems in the default configuration. If your system has been altered after the installation, running remediation might not make it compliant with the required security profile.
Conditions préalables
-
The
scap-security-guidepackage is installed on your RHEL system.
Procédure
Use the
oscapcommand with the--remediateoption:# oscap xccdf eval --profile hipaa --remediate /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml- Restart your system.
Vérification
Evaluate compliance of the system with the HIPAA profile, and save scan results in the
hipaa_report.htmlfile:$ oscap xccdf eval --report hipaa_report.html --profile hipaa /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
Ressources supplémentaires
-
scap-security-guide(8)andoscap(8)man pages
