On Fri, 04 Oct 2013 08:50:23 -0400 fcavi...@redhat.com wrote:

> I was thinking this through last night - I was wondering if we can use
> checksums (sha256+) to determine if someone is using the "stock"
> configuration and replace it with a fully STIGed version - I'm thinking this
> would be best applicable to new installations of RHEL. I understand the need
> for atomic fixes for pre-existing systems, where the SA has modified the
> defaults, but I can guarantee you that most people just want a STIG'ed box
> out of the gate on install. I'm just trying to think in terms of long term
> and short term goals - the quicker we can satisfy the majority of the users
> (the ones that want something STIG'ed out of the box) the better acceptance
> the product will have, the long term should be to modify things for the
> people that mucked with their configurations, which I'm arguing is a
> minority.

Well, not really. I've set up ssg for several clients and not a single one wants to use it as is; they all have different requirements. Some need a different banner, some different password parameters, some different ssh, etc. All I'm saying is my experience is that most want to modify.

--
Brian Millett
"The guerrillas, whose ancestors migrated to Mars from Earth over the past hundred years, have demanded independence for the Mars Colony or, and I quote, 'The sand will run red with Earther blood.'"
   -- [ Derek Mobotabwe, ISN News, "A Voice in the Wilderness I"]

_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
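
The checksum test proposed in the quoted message, sketched as an added example that is not part of either post or of the scap-security-guide project: each managed file is hashed and compared against known stock digests, and only untouched files are marked for whole-file replacement, while locally edited ones fall back to per-setting (atomic) fixes. The manifest, file contents and function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def plan_remediation(root, stock_manifest):
    """Map each managed config path to 'replace', 'atomic' or 'missing'.

    replace: matches a known stock digest, a full hardened copy can be dropped in.
    atomic:  changed locally, so only per-setting fixes preserve the admin's edits.
    missing: file is absent, nothing to compare against.
    """
    plan = {}
    for rel, stock_digests in stock_manifest.items():
        path = Path(root) / rel
        if not path.is_file():
            plan[rel] = "missing"
        elif sha256_file(path) in stock_digests:
            plan[rel] = "replace"
        else:
            plan[rel] = "atomic"
    return plan

def demo():
    # Constructed sample data: stand-ins for shipped defaults, not real RHEL files.
    stock_sshd = b"#PermitRootLogin yes\n#Banner none\n"
    stock_login = b"PASS_MAX_DAYS 99999\n"
    # A set per file lets several package releases count as "stock".
    manifest = {
        "etc/ssh/sshd_config": {hashlib.sha256(stock_sshd).hexdigest()},
        "etc/login.defs": {hashlib.sha256(stock_login).hexdigest()},
        "etc/issue": {hashlib.sha256(b"\\S\n").hexdigest()},
    }
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "etc/ssh").mkdir(parents=True)
        (Path(root) / "etc/ssh/sshd_config").write_bytes(stock_sshd)  # untouched
        (Path(root) / "etc/login.defs").write_bytes(stock_login + b"PASS_MIN_LEN 12\n")  # edited
        return plan_remediation(root, manifest)

if __name__ == "__main__":
    for path, action in demo().items():
        print(f"{action:8} {path}")
```

A single changed byte, such as a custom banner or password parameter, moves a file from "replace" to "atomic", so the split between the two groups on a given fleet is something this check measures rather than assumes.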