Classification: UNCLASSIFIED Caveats: NONE Hope I'm not being a bother, but if possible, would someone mind weighing in on this? Scanning on RHEL7 isn't particularly useful right now, and we'd like to lock it down as soon as possible.
Thanks, -- Ray Shaw (Contractor, STG) Army Research Laboratory CIO, Unix Support > -----Original Message----- > From: Shaw, Ray V CTR USARMY ARL (US) > Sent: Tuesday, June 24, 2014 10:31 AM > To: 'SCAP Security Guide' > Subject: RHEL7 scanning (UNCLASSIFIED) > > Classification: UNCLASSIFIED > Caveats: NONE > > By default, it looks like only the partition checks are enabled when > scanning with the stig-rhel7-server-upstream profile (on RHEL7). If I > edit > the profile to enable all of the ones that RHEL6 has enabled (and then > remove the few that don't exist for RHEL7), I get a total of 56 checks. > > [If anyone is curious, out of the box it passes 35 and fails 21, > assuming > it's partitioned correctly.] > > We're starting on RHEL7 to prepare our configuration management system, > etc. > for when 7 is blessed and we can deploy it, and of course STIGs are a > big > part of that. Is it reasonable to expect that they will closely > parallel > the RHEL6 STIG? Permissions/ownership, audit rules, sysctl, GDM, etc. > > Thanks, > > -- > Ray Shaw (Contractor, STG) > Army Research Laboratory > CIO, Unix Support > > > > Classification: UNCLASSIFIED > Caveats: NONE > Classification: UNCLASSIFIED Caveats: NONE
smime.p7s
Description: S/MIME cryptographic signature
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
