Hi Folks,

I've got a machine running Scap Workbench on another remote/networked machine. 
Both are CentOS 7.5. I set up Workbench to SSH to the remote box as root (for 
now root ssh login is enabled on both machines), using CentOS 7 content.  I 
selected DISA STIG for Red Hat Enterprise Linux 7. Within the displayed rules 
there are two I need to ignore. I need X Windows and cannot use a smart card 
(or any multifactor) in the system I want to remediate.

So the "Remove the X Windows Package Group" & "Enable Smart Card Login" need to 
be tailored out somehow so remediation won't implement those controls.

(I'm assuming the "Enable the GNOME3 Login Smartcard Authentication", "Install 
Smart Card Packages For Multifactor Authentication" & "Configure Smart Card 
Certificate Status Checking" rules can be left in place if "Enable Smart Card 
Login" isn't set up.)

I cannot see an easy way in Workbench to just tell it to ignore a selected rule.

What do I need to do to keep remediation from implementing these rules?

Thank you,


William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
4900 Lang Ave. NE, Suite 100
Albuquerque, NM 87109-9708
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620

Open-scap-list mailing list

Reply via email to