I will reply to this in detail later today when I have time to gather my
references.
I did not want you to think I was ignoring you.
“Sometimes I think the surest sign that intelligent life exists elsewhere in the
universe is that none of it has tried to contact us.” (Bill Waterson: Calvin &
Hobbes)
On Mar 30, 2015, at 12:10 PM, Peter Pickford <pe...@netremedies.ca> wrote:
Hi Dan,
Could you expand on why "making a module out of the CIS Hardening Guidelines is the
wrong approach".
It seems like a good option when the likes of PCI DSS suggest implementing
industry standards.
Are you referring to the conflicts you end up with when using more specific,
and usually more appropriate to the task at hand, modules (ssh module deals
with ssh and cis also tries to manage ssh).
Last time I tried this I recall having to modify and disable some of the
CISmodule.
I did end up with systems that proved easy to demonstrate complied with the CIS
guidelines.
Is there a good way to combine cross cutting concerns such as implement a
policy of standardizing on CIS Hardening Guidelines and wishing to use/resuse
more specific/standard/appropriate modules for each component?
Thanks
Peter
On 30 March 2015 at 07:41, Dan White <d_e_wh...@icloud.com> wrote:
<Just my opinion>
I believe that making a module out of the CIS Hardening Guidelines is the
wrong approach.
I implemented RHEL 5 and RHEL 6 hardening throughout my catalog.
Specific example: Guidelines for ssh_config and sshd_config are in the ssh
moduile.
</Just my opinion>
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.” (Bill Waterson: Calvin
& Hobbes)
On Mar 30, 2015, at 10:07 AM, Joseph Holland <j0ey2...@gmail.com> wrote:
Hi Ash26,
Did you manage to get this working in the end or have you figured out
another way to implement the CIS benchmarks in some automated fashion?
Thanks,
Joe.
On Monday, February 9, 2015 at 9:57:57 AM UTC, Ash26 wrote:
arildjensen-cis seems not to have worked for RHEL7
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/5cbbbc24-70cb-4db9-b6bb-5c527f70f92c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/63abe2dd-d338-4448-afc3-29ea481f3e97%40me.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAKx2DRYPx%2BVwX%3DPBah2mgS367jQFbFjsHPA9KO5KiZ34p1knyQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c3a6c8f0-dd78-41b7-bf13-73c57fe9cefc%40me.com.
For more options, visit https://groups.google.com/d/optout.