Hello Joe, apologize for a late reply.
----- Original Message ----- > From: [email protected] > To: [email protected] > Sent: Thursday, January 7, 2016 12:48:55 AM > Subject: Understanding the Pieces > > I'm trying to understand all the pieces of SSG and how it relates to the > content on the National Checklist Program Repository, specifically for > Redhat 6. If under "official" NCPR content for Red Hat Enterprise Linux 6 you mean the Red Hat 6 STIG Version 1, Release 9: [1] https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=438 then the answer is yes, this content is being derived from the latest content for RHEL/6 product, as being available in SSG. If under "official" content for RHEL-6 system you have meant also this benchmark: [2] https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=491 I can't comment on that (don't have the information) which content is this benchmark being based on (you would need to check with Oracle Linux 6 product vendor). > > In RHEL6, I did a yum install scap-security-guide to get the SSG from > the Redhat repos. I took a look at > file:///usr/share/doc/scap-security-guide-0.1.21/rhel6-guide.html and I > can see all the settings, but does this include everything that is in > the SCAP content found on the NIST National Checklist Program > Repository? Yes (in the sense content in [1] is being gradually derived from the latest code for RHEL/6 product as being available in SCAP Security Guide repository). > > Are there any kickstarts available to help configure systems? Yes. Check out the content of the 'kickstart' directory, included within scap-security-guide RPM: * Case a) -- this is the content of that directory with # rpm -q scap-security-guide scap-security-guide-0.1.21-3.el6.noarch # rpm -ql scap-security-guide | grep kickstart /usr/share/scap-security-guide/kickstart /usr/share/scap-security-guide/kickstart/ssg-rhel6-usgcb-server-with-gui-ks.cfg * Case b) -- this is the current content of that directory as present in SSG 'master': [3] https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/kickstart the 'ssg-rhel6-stig-ks.cfg' corresponds to the content of [1] benchmark. > Just > confused on how this all fits together. Hope this helps. Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] > https://github.com/OpenSCAP/scap-security-guide/ > -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
