Good questions from Skylar and others. Sorry if I was not forthcoming; my goal was to be brief enough to not bog anyone down in detail.
Aqueduct is used at DoD installations to secure the servers per DISA STIG guidelines. You can tell it's a government thing; too many acronyms. My own work is STIG compliance for Red Hat and eventually Solaris boxes. I use Bourne/Bash shell scripts to do the work. So far there is no central collation mandated so each installation is on their own. Of course, the ideal would be a locally centralized CMDB plug-in that would feed any issues into a ticketing system. That's why the hostname is in the output, for collation. Each OS version probably has 200-600 scripts to be run. Each script should be runnable on a system at any time; it should not change a complaint system. It should report if a system is compliant or not. How big? Lots. Easily hundreds and eventually thousands of servers. The problems? Lots. Lack of higher level language standardization, like Python. Lack of standard database (SQLite, MongoDB, etc), lack of a standard CMDB (ServiceNow, Remedy), and lack of pretty much any other standard. At this point I'm biting off a small enough chunk to chew on for a bit. The goal is to leave the output open enough so sites can choose their own solution until I can maybe form some global FOSS company for integration and reporting. :) Leam -- Mind on a Mission <http://leamhall.blogspot.com/>
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
