Merge pull request #10152 from vojtapolasek/remove_rngd_from_stig_stab

Stabilization: remove service_rngd_enabled from RHEL9 and RHEL8 STIG profiles

controls/srg_gpos/SRG-OS-000480-GPOS-00227.yml

@@ -66,13 +66,13 @@ controls:
             - no_files_unowned_by_user
 
             # service disabled
+            # - service_rngd_enabled - this rule was removed because it does bring questionable value on modern systems
             - service_kdump_disabled
             - service_debug-shell_disabled
             - service_autofs_disabled
             - service_systemd-coredump_disabled
 
             # service enabled
-            - service_rngd_enabled
             - service_auditd_enabled
             - service_rsyslog_enabled
             - service_firewalld_enabled

linux_os/guide/services/rng/service_rngd_enabled/rule.yml

@@ -24,7 +24,6 @@ references:
     ospp: FCS_RBG_EXT.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010471
-    stigid@rhel8: RHEL-08-010471
 
 ocil_clause: '{{{ ocil_clause_service_enabled("rngd") }}}'
 

products/rhel8/profiles/stig.profile

@@ -334,7 +334,7 @@ selections:
     - no_user_host_based_files
 
     # RHEL-08-010471
-    - service_rngd_enabled
+    # currently there is not a relevant rule which would improve RNG for RHEL in this context
 
     # RHEL-08-010472
     - package_rng-tools_installed

tests/data/profile_stability/rhel8/stig.profile

@@ -355,7 +355,6 @@ selections:
 - service_fapolicyd_enabled
 - service_firewalld_enabled
 - service_kdump_disabled
-- service_rngd_enabled
 - service_rsyslog_enabled
 - service_sshd_enabled
 - service_systemd-coredump_disabled

tests/data/profile_stability/rhel8/stig_gui.profile

@@ -365,7 +365,6 @@ selections:
 - service_fapolicyd_enabled
 - service_firewalld_enabled
 - service_kdump_disabled
-- service_rngd_enabled
 - service_rsyslog_enabled
 - service_sshd_enabled
 - service_systemd-coredump_disabled