Applied DISA STiG security profile, but not all settings are made
I have a brand new server that was built using the RedHat security profile that applies the DISA STiGs. I assumed it would apply all of the required settings except for the partitioning which I applied myself or it wouldn't go any further in the installation.
When I scanned the machine after it was finished installing using Nessus, it came back with over 150 failures. Some of those are easily explained, like McAfee is not installed and there is no host integrity solution installed. Some basic settings like requiring a local user's password history to be set to 5 did not get set.
Am I missing something or do I need to go back and apply all of the settings manually.
Mike