Thanks for the reference Shawn! Lee, if you're interested in information on SIMP, the easiest place to start is here https://github.com/NationalSecurityAgency/SIMP.
Thanks, Trevor On Mon, Aug 24, 2015 at 7:21 PM, Shawn Wells <[email protected]> wrote: > > > On 8/24/15 6:34 PM, Meinecke, Lee wrote: > >> >> I'm running the latest openscap and scap-workbench for RHEL6 using Red >> Hat repositories. If I feed the workbench the XCCDF file from DISA ( >> http://iasecontent.disa.mil/stigs/zip/July2015/U_RedHat_6_V1R8_STIG_SCAP_1-1_Benchmark.zip) >> and ask for online remediation I'm not getting any fixes. >> >> Does this remediation functionality exist or is the benchmark content >> lacking? I can't seem to get that working. >> >> > DISA FSO opts to strip remediation content/capabilities out from the > content Red Hat gives them. In part this makes sense: DISA FSO's intention > is to provide pass/fail content, anything beyond that is a distraction for > them. > > I've been using hardening scripts from >> https://github.com/fcaviggia/hardening-script-el6 but without >> commenting out some things those scripts are stricter than needed. >> >> > The project you mention has caused more misinformation and confusion than > usefulness. That project has no ties to Red Hat, DISA, and while perhaps > using the STIG for inspiration, its hardening settings are largely > arbitrary and places systems into an unknown compliance state. > > If you're seeking embedded remediation, consider using SCAP Security Guide > directly (shipping in RHEL as the "scap-security-guide" package, or > upstream content on GitHub). SSG ships in RHEL and serves as the upstream > for what Red Hat gives DISA FSO as part of the Vendor STIG Process. > > You might also find NSA's SIMP project interesting, which fuses > SSG+Puppet+MCollective and other things. You can find their project here: > https://github.com/simp > > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 -- This account not approved for unencrypted proprietary information --
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
