All,
As a starting point for writing remediation fixes in the SSG - so, I did
the following:
$ ls ~/scap-security-guide/RHEL6/input/checks/*.xml | awk '{ print
$1 }' | sed s/\.[^\.]*$// > ~/checks
$ ls ~/scap-security-guide/RHEL6/input/fixes/*.sh | awk '{ print $1
}' | sed s/\.[^\.]*$// > ~/fixes
$ sdiff ~/fixes ~/checks | less
There's fair a bit of work to be done for the fix remediations...
Since I'm new to the project, I was wondering if there was any ideas or
standards to how the SSG should distribute some of these fixes - for
example - a wholesale replacement of the audit.rules and auditd.conf
might be preferable than doing piecemeal sed's. I also think the first
script that needs to be run is to tar the current existing
configurations (as a backup) before applying any fix just in case we do
something that jacks the users modifications to the system.
Anyway, just trying to get an idea of how to proceed set some goals for
my contributions.
Regards,
Frank Caviggia
--
Frank Caviggia
Consultant, Public Sector
fcavi...@redhat.com
(M) (571) 295-4560
_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
