>From 9005ace112bd1b25e2ebdd3b81f10a38272a5f37 Mon Sep 17 00:00:00 2001 From: Shawn Wells <[email protected]> Date: Sat, 26 Jan 2013 10:57:52 -0500 Subject: [PATCH 6/6] Created SSG Manpage, shortened RPM "Description" text
- Created SSG manpage, updated RPM build spec to include it. Users can now "man ssg" - The RPM description text was to verbose when shown through 'yum list' output. Shortened. --- RHEL6/input/auxiliary/ssg.8 | 110 +++++++++++++++++++++++++++++++++++++++++++ ssg-rhel6.spec | 10 ++++- 2 files changed, 119 insertions(+), 1 deletions(-) create mode 100644 RHEL6/input/auxiliary/ssg.8 diff --git a/RHEL6/input/auxiliary/ssg.8 b/RHEL6/input/auxiliary/ssg.8 new file mode 100644 index 0000000..97c4aec --- /dev/null +++ b/RHEL6/input/auxiliary/ssg.8 @@ -0,0 +1,110 @@ +.TH scap-security-guide 8 "26 Jan 2013" "version 1" + +.SH NAME +SCAP Security Guide - Delivers security guidance, baselines, and associated validation mechanisms utilizing +the Security Content Automation Protocol (SCAP). + + +.SH DESCRIPTION +The project provides practical security hardening advice for Red Hat products, +and also links it to compliance requirements in order to ease deployment +activities, such as certification and accreditation. These include requirements +in the U.S. government (Federal, Defense, and Intelligence Community) as well +as of the financial services and health care industries. For example, +high-level and widely-accepted policies such as NIST 800-53 provides prose +stating that System Administrators must audit "privileged user actions," but do +not define what "privileged actions" are. The SSG bridges the gap between +generalized policy requirements and specific implementation guidance, in SCAP +formats to support automation whenever possible. + +The projects homepage is located at: +https://fedorahosted.org/scap-security-guide/ + + +.SH PROFILES +The SSG content is broken into 'profiles,' groupings of security settings that correlate to a known policy. Available profiles are: + +.I stig-rhel6-server +.RS +The Security Technical Implementation Guides (STIGs) and the NSA Guides are the +configuration standards for DOD IA and IA-enabled devices/systems. Since 1998, +DISA Field Security Operations (FSO) has played a critical role enhancing the +security posture of DoD's security systems by providing the Security Technical +Implementation Guides (STIGs). This profile was created as a collaboration +effort between the National Security Agency, DISA FSO, and Red Hat. + +For additional information relating to STIGs, please refer to the DISA FSO +webpage at http://iase.disa.mil/stigs/ + +.RE +.I usgcb-rhel6-server +.RS +The purpose of the United States Government Configuration Baseline (USGCB) +initiative is to create security configuration baselines for Information +Technology products widely deployed across the federal agencies. The USGCB +baseline evolved from the Federal Desktop Core Configuration mandate. The +USGCB is a Federal government-wide initiative that provides guidance to +agencies on what should be done to improve and maintain an effective +configuration settings focusing primarily on security. + +.B "NOTE: " +While the current content maps to USGCB requirements, it has NOT +been validated by NIST as of yet. This content should be considered +draft, we are highly interested in feedback. + +For additional information relating to USGCB, please refer to the NIST +webpage at http://usgcb.nist.gov/usgcb_content.html. +.RE + + +.SH EXAMPLES +To scan your system utilizing the OpenSCAP utility against the +stig-rhel6-server profile: + +oscap xccdf eval --profile stig-rhel6-server \ +--results /tmp/`hostname`-ssg-results.xml \ +--report /tmp/`hostname`-ssg-results.html \ +--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \ +/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml +.PP +Additional details can be found on the projects wiki page: +https://fedorahosted.org/scap-security-guide/wiki/usageguide + + +.SH FILES +.I /usr/share/xml/scap/ssg/content/ +.RS +Houses SCAP content utilizing the following naming conventions: + +.I CPE_Dictionaries: +ssg-{profile}-cpe-dictionary.xml + +.I CPE_OVAL_Content: +ssg-{profile}-cpe-oval.xml + +.I OVAL_Content: +ssg-{profile}-oval.xml + +.I XCCDF_Content: +ssg-{profile}-xccdf.xml +.RE + +.I /usr/share/xml/scap/ssg/guides/ +.RS +HTML versions of SSG profiles. +.RE + +.I /usr/share/xml/scap/ssg/policytables/ +.RS +HTML tables reflecting which institutionalized policy a particular SSG rule +conforms to. +.RE + + +.SH SEE ALSO +.B oscap(8) + + +.SH AUTHOR +Please direct all questions to the SSG mailing list: +https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide diff --git a/ssg-rhel6.spec b/ssg-rhel6.spec index 9b40e3c..3b7a935 100644 --- a/ssg-rhel6.spec +++ b/ssg-rhel6.spec @@ -1,7 +1,7 @@ Name: ssg-rhel6 Version: %{version} Release: %{release} -Summary: The scap-security-guide project provides security guidance and baselines in SCAP formats. +Summary: Security guidance and baselines in SCAP formats. Group: Testing License: Public domain and GPL @@ -34,9 +34,16 @@ cd RHEL6 && make dist rm -rf $RPM_BUILD_ROOT #make install DESTDIR=$RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/usr/share/xml/scap/ssg/ +mkdir -p $RPM_BUILD_ROOT/usr/share/man/en/man8/ +# Add in core content (SCAP, guide, tables) cp -r RHEL6/dist/* $RPM_BUILD_ROOT/usr/share/xml/scap/ssg/ +# Add in manpage +gzip -c RHEL6/input/auxiliary/ssg.8 > $RPM_BUILD_ROOT/usr/share/man/en/man8/ssg.8.gz +makewhatis +chcon -u system_u /usr/share/man/en/man8/ssg.8.gz + %clean rm -rf $RPM_BUILD_ROOT @@ -45,6 +52,7 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(0644,root,root,0755) %attr(0755,root,root) /usr/share/xml/scap/ssg +%attr(0644,root,root) /usr/share/man/en/man8/ssg.8.gz %changelog -- 1.7.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
