Updating RHEL8 STIG profile for readability changes

[carlosmmatos]

Direct sync of V1R1 for rules - along with current mapped rules.

[openscap-ci]

Changes identified:
Profiles:
 stig on rhel8
 rhelh-stig on rhel8

Show details

Profile stig on rhel8:
 Rule harden_sshd_crypto_policy, package_gssproxy_removed, accounts_password_pam_unix_rounds_system_auth, accounts_password_pam_unix_rounds_password_auth added to stig profile.
 Variable var_password_pam_unix_rounds=5000 added to stig profile.
Profile rhelh-stig on rhel8:
 RHELH-STIG profile extends changed STIG profile.

Recommended tests to execute:
 build_product rhel8
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml stig
 tests/test_suite.py profile --libvirt qemu:///system test-suite-vm --datastream build/ssg-rhel8-ds.xml rhelh-stig

[openshift-ci]

@carlosmmatos: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws-rhcos4-moderate	6a3dac4	link	/test e2e-aws-rhcos4-moderate

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[ggbecker]

I would refrain from adding harden_sshd_crypto_policy at this moment since it's not really aligned with STIG.

For the Ciphers parameter it defines aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc whereas STIG defines aes256-ctr,aes192-ctr,aes128-ctr or a subset of this list.

[ggbecker]

I'm going to merge this since it can cause a few conflicts and any issue can be resolved later. I see only one issue with a rule selection and I'll open a new PR to discuss its implications.