Hi, You're correct that SCAP Security Guide was not shipped as a package in Ubuntu 16.04, but it is shipped in Ubuntu 18.04.
The file “U_Canonical_16-04_LTS_V1R1_STIG.zip" is a different content, which isn't provided by SCAP Security Guide project, but is provided by DISA. Regards Jan Černý Security Technologies | Red Hat, Inc. ----- Original Message ----- > From: "William Boucher" <william.bouc...@mza.com> > To: "Watson Sato" <ws...@redhat.com> > Cc: open-scap-list@redhat.com > Sent: Monday, January 21, 2019 11:55:54 PM > Subject: Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS > > > > Stuart and Watson, > > > > I found the packages for Ubuntu 18.04 (“cosmic”) but not for Ubuntu 16.04 > (“xenial”). The DISA STIG is written specifically for Ubuntu 16.04 > (“U_Canonical_16-04_LTS_V1R1_STIG.zip”). Am I not looking in the right place > for the SSG? > > > > I found the ssg packages for Ubuntu 18.04 at > https://packages.ubuntu.com/search?suite=cosmic&searchon=names&keywords=ssg > , but they are not in the 16.04 package listing at > https://packages.ubuntu.com/search?suite=xenial&searchon=names&keywords=ssg > . > > > > Could they be in another repository for 16.04? (Note I am using the latest > xenial, 16.04.5, which has the same Linux kernel as the latest cosmic > release, 4.15.) > > > > Thank you for your help and patience, > > > > --Bill > > > > William B. Boucher, BSEE > > Embedded Systems Software Engineer > Information Systems Security Manager > > MZA Associates Corporation > > 4900 Lang Ave. NE, Suite 100 > > Albuquerque, NM 87109-9708 > > Phone: 505.245.9970 x166 > > Fax: 505.245.9971 > > Cell: 505.459.7620 > > william.bouc...@mza.com > > > > From: Watson Sato [mailto:ws...@redhat.com] > Sent: Monday, January 7, 2019 7:58 AM > To: Boucher, William <william.bouc...@mza.com> > Cc: Newman, Stuart J. (GSFC-491.0)[KBRwyle] <stuart.j.new...@nasa.gov>; > open-scap-list@redhat.com > Subject: Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS > > > > > Hello, > > > > > > > > > On Wed, Nov 28, 2018 at 5:39 PM Boucher, William < william.bouc...@mza.com > > wrote: > > > > > > Stuart, > > > > How do I get the current/latest scap security guide? > > > > > Latest pre-built content can be grabbed at > https://github.com/ComplianceAsCode/content/releases , just download the zip > file. > > > > > > 1) I went to https://www.open-scap.org/security-policies/scap-security-guide/ > and clicked on the Ubuntu symbol to get directions for installing it, but > that gave message “The SCAP Security Guide package is not available on the > Ubuntu distribution yet. Check for update.” > > > The website needs to updated, there are SCAP Security Guide packages for > Ubuntu and Debian. > > > > > > 2) “apt-get install scap-security-guide” produced the error “Unable to locate > package scap-security-guide.” > > > > > > It seems that the packages are named slightly different in Ubuntu, see: > https://packages.ubuntu.com/source/disco/scap-security-guide > > > > > > > > I did successfully install libopenscap8 (“apt-get install libopenscap8”). > > > > All help is appreciated. > > > > > William B. Boucher, BSEE > > Embedded Systems Software Engineer > Information Systems Security Manager > > MZA Associates Corporation > > 2021 Girard Blvd., SE, Suite 150 > > Albuquerque, New Mexico 87106 > > Phone: 505.245.9970 x166 > > Fax: 505.245.9971 > > Cell: 505.459.7620 > > william.bouc...@mza.com > > > > > > From: Newman, Stuart J. (GSFC-491.0)[KBRwyle] [mailto: > stuart.j.new...@nasa.gov ] > Sent: Wednesday, November 28, 2018 4:19 AM > To: Boucher, William < william.bouc...@mza.com >; open-scap-list@redhat.com > Subject: RE: Benchmark for Canonical Ubuntu 16.04 LTS > > > > > The current (0.1.41) version of the scap security guide has Ubuntu > benchmarks. > > > > > Stuart J Newman > > > > > > > > Engineer 4; Systems > > NASA/Goddard Space Flight Center, Building 14 Room 252 | Greenbelt, Maryland > 20771 | USA > > Office: +1 301. 286.5145 | Mobile: +1443.878.6146 | stuart.j.new...@nasa.gov > > > > > > > > This e-mail, including any attached files, may contain confidential and > privileged information for the sole use of the intended recipient. Any > review, use, distribution, or disclosure by others is strictly prohibited. > If you are not the intended recipient (or authorized to receive information > for the intended recipient), please contact the sender by reply e-mail and > delete all copies of this message. > > > > > > From: open-scap-list-boun...@redhat.com < open-scap-list-boun...@redhat.com > > On Behalf Of Boucher, William > Sent: November 27, 2018 18:23 > To: open-scap-list@redhat.com > Subject: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS > > > > > > > Hi folks, > > > > I am currently hardening an Ubuntu embedded system for delivery to a > customer. > > > > I have downloaded the “Canonical Ubuntu 16.04 LTS STIG Ver 1, Rel 1” from > DISA, and I have obtained a copy of the SCAP Compliance checker tool “SCC > 5.0.2 Ubuntu 16 AMD64”. > > > > What I am missing is an SCAP Benchmark file for Ubuntu 16.04. Does one exist? > > > > I would like to use OpenSCAP to harden then scan this IS. The Open-SCAP BASE > page says that Ubuntu is supported, so I can get the tools installed. But > without a benchmark how would I proceed from there? > > > > Thank you, > > > > --Bill > > William B. Boucher, BSEE > > Embedded Systems Software Engineer > Information Systems Security Manager > > MZA Associates Corporation > > 2021 Girard Blvd., SE, Suite 150 > > Albuquerque, New Mexico 87106 > > Phone: 505.245.9970 x166 > > Fax: 505.245.9971 > > Cell: 505.459.7620 > > william.bouc...@mza.com > > > > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list > > > > > -- > > > Watson Sato > Security Technologies | Red Hat, Inc > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
