Sorry I am so late to the conversation. I’ve been trying to get Nexus OSS installed on a STIG’d RHEL 8 for a while. For testing purposes, I installed a RHEL 8 VM and Nexus OSS 3.37.1-01, and then STIG’d the server with DISA STIG V1R4, rebooting and testing along the way. I do not have nginx installed as a reverse proxy.
Here is what I have found and I am about 90% STIG’d.
- In /etc/fstab, /home must not have noexec: opens V-230302, CAT-II
- FIPS mode must be turned off; if on, initialization gear spins forever: opens V-230223, CAT-1
With these open items, Nexus seems to work well, but I have not installed a certificate on the server to enable SSL yet either. I also have not fully configured and enforced fapolicy, so that may, or may not, have an effect on the installation as well. And, not sure how many ISSMs want to open a CAT-1 to install Nexus… But, at least now you know. Perhaps the Nexus team will fix to allow FIPS mode in future releases? Hope this helps someone else.
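A pre-flight check for the two conflicts listed in the post above, as an added example that is not part of the original post or of Nexus itself. The function names are hypothetical; the script assumes a standard `/etc/fstab` layout and reads FIPS state from the kernel flag `/proc/sys/crypto/fips_enabled`.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the two
# settings named in the post are active on a host before installing Nexus.
# Usage: nexus_preflight /etc/fstab /proc/sys/crypto/fips_enabled

# home_has_noexec FSTAB: succeeds if the /home entry lists the noexec option.
home_has_noexec() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
        $2 == "/home" {
            n = split($4, opts, ",")          # 4th field: mount options
            for (i = 1; i <= n; i++)
                if (opts[i] == "noexec") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# fips_enabled FLAGFILE: succeeds if the kernel FIPS flag file contains 1.
fips_enabled() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# nexus_preflight [FSTAB] [FLAGFILE]: prints findings and returns the
# number of conflicting settings (0, 1 or 2).
nexus_preflight() {
    fstab=${1:-/etc/fstab}
    flag=${2:-/proc/sys/crypto/fips_enabled}
    conflicts=0
    if home_has_noexec "$fstab"; then
        echo "CONFLICT: /home has noexec (removing it opens V-230302, CAT-II)"
        conflicts=$((conflicts + 1))
    fi
    if fips_enabled "$flag"; then
        echo "CONFLICT: FIPS mode is on (disabling it opens V-230223, CAT-1)"
        conflicts=$((conflicts + 1))
    fi
    [ "$conflicts" -eq 0 ] && echo "OK: neither setting from the post is active"
    return "$conflicts"
}
```

A non-zero return means a STIG finding would have to be opened and documented before the install proceeds as described in the post.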