Bug
Resolution: Unresolved
rhel-8.10, rhel-9.4
Moderate
rhel-sst-security-compliance
ssg_security
Red Hat Enterprise Linux
What were you trying to do that didn't work?
There are multiple issues with rules xccdf_org.ssgproject.content_rule_grub2_admin_username and xccdf_org.ssgproject.content_rule_grub2_uefi_admin_username
Issue 1 - STIG
In the STIG profile, xccdf_org.ssgproject.content_rule_grub2_admin_username is selected but not xccdf_org.ssgproject.content_rule_grub2_uefi_admin_username, which doesn't make sense to me; IMHO both should be selected.
Issue 2 - The remediation in the description of the rule is incorrect
It says to change set superusers=xxx into set superusers=<username> and then execute grubby --update-kernel=ALL.
There are 2 issues with this:
- Changing "superusers" is not sufficient; the password_pbkdf2 root ... line must also be changed into password_pbkdf2 <username> .... Both actions can be done with the following shell snippet:
# sed -i -e 's/\(set superusers=\).*/\1"<unique user id>"/g' -e 's/\(password_pbkdf2\)\s*[^[:space:]]*\s*\(.*\)/\1 "<unique user id>" \2/g' /etc/grub.d/01_users
- Executing grubby has no effect on the runtime configuration file (/boot/grub2/grub.cfg and the respective UEFI configuration file). Instead, the command to execute is grub2-mkconfig -o /etc/grub2.cfg on BIOS systems and grub2-mkconfig -o /etc/grub2-efi.cfg on UEFI systems.
The unified way to do this is:
# grub2-mkconfig -o /etc/grub2$(test -e /sys/firmware/efi && echo "-efi").cfg
What is the impact of this issue to you?
STIG compliance
Please provide the package NVR for which the bug is seen:
scap-security-guide-0.1.74-1.el9_4.noarch
How reproducible is this bug?:
N/A
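The remediation described above, written out as an added example (not code from this report or from the scap-security-guide project): it rewrites both lines of a 01_users-style file, verifies that neither line was left half-changed, and picks the grub.cfg to regenerate the way the unified command does. The file path and user name are parameters so the edit can be tried on a copy first; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the bug report or from scap-security-guide.
# Applies the remediation the report describes: rename the GRUB superuser on
# both lines of /etc/grub.d/01_users, then regenerate the runtime grub.cfg.
# File path and user name are parameters so it can be tried on a copy first.
set -eu

# Rewrite the 'set superusers=' and 'password_pbkdf2' lines in a 01_users-style file.
# [[:space:]] is used instead of \s: inside a GNU sed bracket expression, [^\s]
# means "neither backslash nor s", which only matches "root" by accident.
# The user name must not contain sed metacharacters such as / or &.
set_grub_superuser() {
    file=$1
    user=$2
    sed -i \
        -e 's/\(set superusers=\).*/\1"'"$user"'"/' \
        -e 's/\(password_pbkdf2\)[[:space:]]*[^[:space:]]*[[:space:]]*\(.*\)/\1 "'"$user"'" \2/' \
        "$file"
}

# Return 0 when both lines of the file name the expected superuser, 1 otherwise.
# Catches the half-done state where only superusers= was changed.
check_grub_superuser() {
    file=$1
    user=$2
    grep -q '^[[:space:]]*set superusers="'"$user"'"$' "$file" || return 1
    grep -q '^[[:space:]]*password_pbkdf2 "'"$user"'" ' "$file" || return 1
}

# Choose the grub.cfg to regenerate: /etc/grub2-efi.cfg on UEFI, /etc/grub2.cfg
# on BIOS. $1 optionally overrides the filesystem root so the choice is testable.
grub_cfg_path() {
    root=${1:-}
    if [ -e "$root/sys/firmware/efi" ]; then
        echo /etc/grub2-efi.cfg
    else
        echo /etc/grub2.cfg
    fi
}

# Full remediation on a live system (run as root): edit, verify, regenerate.
# grubby --update-kernel=ALL is not used because it leaves grub.cfg untouched.
remediate_grub_superuser() {
    user=$1
    set_grub_superuser /etc/grub.d/01_users "$user"
    check_grub_superuser /etc/grub.d/01_users "$user"
    grub2-mkconfig -o "$(grub_cfg_path)"
}
```

Running the two edit and check functions twice on the same file leaves it unchanged, so the script is safe to re-run after a partial earlier attempt.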
Relates to: RHEL-58819 Grub password implementation ("01_users") doesn't support multi-valued "superusers" variable - New