Hey Luis, good morning! I believe Aqueduct has scripted most all CAT I and CAT II findings based on actual STIG content. We've run the SSG on boxes and I try to report where the SSG does not follow the STIG.
https://git.fedorahosted.org/cgit/aqueduct.git/

Leam

On Fri, Dec 13, 2013 at 8:50 AM, Nunez, Luis K <[email protected]> wrote:

> Hi Leam,
>
> That’s a good question. Something I would also like to know. I am not as familiar with the Aqueduct project and certainly open to leveraging any and all remediation capabilities it offers. My take on the SSG content as it relates to remediation is to hold the authoritative desired state. Meaning XCCDF contains values for a fix tool for remediation. The way I see it bash scripting is one way of doing this. I’d like to see other methods such as puppet and alike to be able to use XCCDF as a source for fix values.
>
> It would be great to build on bash scripting and expand on to other methods.
>
> Thanks.
>
> -ln
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* leam hall
> *Sent:* Friday, December 13, 2013 8:10 AM
> *To:* [email protected]
> *Subject:* Re: SSG Kickoff: RHEL7 Content
>
> What is SSG doing for script based remediation that Aqueduct isn't?
>
> Leam
>
> On Fri, Dec 13, 2013 at 7:27 AM, Nunez, Luis K <[email protected]> wrote:
>
> Hi Shawn,
> Can we also add to the agenda Remediation? I think this is a good time to reflect on some of remediation content and capabilities with SSG moving forward.
>
> Thanks.
>
> -ln
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On Behalf Of Steve Grubb
> Sent: Thursday, December 12, 2013 4:45 PM
> To: [email protected]
> Cc: Shawn Wells
> Subject: Re: SSG Kickoff: RHEL7 Content
>
> On Thursday, December 12, 2013 04:27:15 PM Shawn Wells wrote:
> > RHEL7 beta has been released, time to start on SSG content!
> >
> > Goals of this call:
> > - Quickly overview Red Hat's RHEL7 STIG intent
> > - Identify required steps to port SSG from RHEL6 -> RHEL7
> > - Form initial work breakdown structure, assign "task leads"
> > - What OVAL standards will be needed? e.g. systemctl vs init, firewalld, etc
> > - RHEL6 STIG community feedback: What worked? What should be dropped?
>
> Everyone please note...some standards work will be required to get final RHEL7 content. This is because the move to systemd will make runlevel_test obsolete. These tests can be commented out until OVAL 5.11 is final.
>
> -Steve

--
Mind on a Mission <http://leamhall.blogspot.com/>
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
