Re: [Open-scap] Wish to disable check or remediation of STIG rules to remove X Windows and to use smart card

Tue, 25 Jun 2019 08:38:49 -0700 

I figured it out!

Thanks,

                --Bill

William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
4900 Lang Ave. NE, Suite 100
Albuquerque, NM 87109-9708
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
william.bouc...@mza.com<mailto:william.bouc...@mza.com>

From: open-scap-list-boun...@redhat.com 
[mailto:open-scap-list-boun...@redhat.com] On Behalf Of Boucher, William
Sent: Monday, June 24, 2019 1:52 PM
To: open-scap-list@redhat.com
Subject: [Open-scap] Wish to disable check or remediation of STIG rules to 
remove X Windows and to use smart card

Hi Folks,

I've got a machine running Scap Workbench on another remote/networked machine. 
Both are CentOS 7.5. I set up Workbench to SSH to the remote box as root (for 
now root ssh login is enabled on both machines), using CentOS 7 content.  I 
selected DISA STIG for Red Hat Enterprise Linux 7. Within the displayed rules 
there are two I need to ignore. I need X Windows and cannot use a smart card 
(or any multifactor) in the system I want to remediate.

So the "Remove the X Windows Package Group" & "Enable Smart Card Login" need to 
be tailored out somehow so remediation won't implement those controls.

(I'm assuming the "Enable the GNOME3 Login Smartcard Authentication", "Install 
Smart Card Packages For Multifactor Authentication" & "Configure Smart Card 
Certificate Status Checking" rules can be left in place if "Enable Smart Card 
Login" isn't set up.)

I cannot see an easy way in Workbench to just tell it to ignore a selected rule.

What do I need to do to keep remediation from implementing these rules?

Thank you,

        --Bill

William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
4900 Lang Ave. NE, Suite 100
Albuquerque, NM 87109-9708
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
william.bouc...@mza.com<mailto:william.bouc...@mza.com>


_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to