Ok. I guess I will need to learn how to write OVAL and XCCDF content.... Besides that, my coworker and I just noticed that although we fail the AIDE test, we are passing the aide_periodic_cron_checking test. This might be a bug??? Can anyone replicate?
-Bond

On 07/28/2015 05:59 PM, Shawn Wells wrote:
> Exactly.
>
> Oval content to extend to other tools would be most welcome!
>
> --
> Shawn Wells
> Director, Innovation Programs
> [email protected] | 443.534.0130
> @shawndwells
>
> On Jul 28, 2015, at 7:50 PM, Trevor Vaughan <[email protected]> wrote:
>
>> I'm guessing it's because it comes with RHEL and is therefore
>> supported and easy to test out of the box.
>>
>> If your local Security Officer is willing to allow it, you could use
>> pretty much anything in place of AIDE.
>>
>> Trevor
>>
>> On Tue, Jul 28, 2015 at 6:50 PM, Bond Masuda <[email protected]> wrote:
>>
>> >> I'm not sure if this is the place to talk about the specific
>> >> content of the security standards or if the SSG is more "meta"...
>> >>
>> >> I see there is a test Rule ID: *package_aide_installed*. I am
>> >> inclined to think that the spirit of this test is to have a file
>> >> integrity monitoring (FIM) system. But why AIDE specifically?
>> >> There are a few options for FIM, but not too many that one
>> >> couldn't write tests to ensure that at least one of the handful
>> >> of fully featured OSS FIM solutions is installed and configured.
>> >> (other options that come to mind are OSSEC and Samhain)
>> >> Additionally, AIDE development seems to be stagnant and perhaps
>> >> not the best choice at this time.
>> >>
>> >> Where is this guidance coming from? Is the source of the guidance
>> >> really technology specific or is the choice of AIDE just a
>> >> specific interpretation of a more general guidance for a FIM
>> >> solution? What's the rationale, if so?
>> >>
>> >> -Bond
>> >>
>> >> --
>> >> SCAP Security Guide mailing list
>> >> [email protected]
>> >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
>> >> https://github.com/OpenSCAP/scap-security-guide/
>>
>> --
>> Trevor Vaughan
>> Vice President, Onyx Point, Inc
>> (410) 541-6699
>>
>> -- This account not approved for unencrypted proprietary information --
