You could give CIS-CAT a try: http://benchmarks.cisecurity.org/downloads/audit-tools/
2014-05-22 19:45 GMT+04:00 Greg Elin <[email protected]>:
> Thanks for your notes, Steve.
>
> Here is the use case driving my question for OpenSCAP on OS X. I'm not
> really trying to lock down the entire Mac, it's more that I am trying to
> just recognize the developer is on a Mac. Suggestions appreciated!
>
> Use case background:
> I'm working on GovReady, a toolkit to make security assessments for FISMA
> purposes easier. My target audience is IT shops understaffed in security and
> always having a backlog. The idea is to leverage openSCAP and SSG to
> create a more automated and user-friendly process to gain shared awareness
> of the certification-worthiness of a system.
>
> Use case:
> Bob is a FISMA-naive developer who needs to be more aware of the security of the
> app/system they are building. Janice is an IT administrator who needs to
> check how secure Bob's open source app is but doesn't have a lot of time.
> Bob and Janice go to GovReady.org and download the toolkit, installing it in
> the app in question. Kind of like adding jQuery. They just download GovReady
> and unzip it into a directory. Next they type a simple command line,
> `govready install`, and everything gets installed. Then they type `govready
> assess` (or `govready scan`) and some canned tests (e.g. profiles) are run
> and beautiful reports generated. GovReady provides a kind of beginner
> wrapper around the underlying tools.
>
> If Bob and Janice are on CentOS/RHEL (or using a Vagrant VM running Linux),
> this is pretty easy. But many FISMA-naive developers in DC these days are on
> OS X or even Windows. So I'm trying to understand how I can create a simple
> install process that works cross-platform. The cross-platform install at
> BEST would install the appropriate open source scanning tool for the
> platform. If that is too hard right now, then at least the install process
> should fail gracefully and encourage the individual to use virtual machines.
>
> Greg Elin
> personal cell: 917-304-3488
> personal email: [email protected]
> email: [email protected]
>
> On Thu, May 22, 2014 at 11:25 AM, Steve Grubb <[email protected]> wrote:
>>
>> Hello,
>>
>> On Wed, 21 May 2014 18:07:27 -0400
>> Greg Elin <[email protected]> wrote:
>> > Has anyone tried to install openSCAP on OS-X?
>>
>> Openscap is portable to other platforms in that the gnu autotools is
>> the foundation of the build system. The libraries it uses are portable.
>> There is support for everything required of SCAP 1.2 except OCIL.
>>
>> That said, there are some deficiencies. Openscap is designed to be
>> modular. To add a new test, you write an OVAL probe, which is really
>> simple. You fill in a structure and exit. Each probe is essentially a
>> process spun up on demand as the content is evaluated.
>>
>> What is needed is someone that cares about a platform to contribute
>> probes. The openscap developers have done the bulk of the work. It
>> should be a couple of hours/days of someone's time if they wanted to help
>> the SCAP community by sending some code for porting to other platforms.
>> We would welcome code enabling Windows, Android, OSX, or any other
>> platform.
>>
>> -Steve
>
> _______________________________________________
> scap-security-guide mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
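The cross-platform install step Greg describes above, worked through as an added example (this is not GovReady's or OpenSCAP's code): a POSIX sh sketch of the platform detection a hypothetical `govready install` wrapper would need, choosing a native scanner install where one exists and otherwise failing gracefully with the "use a Linux VM" advice from the thread. The function names, the `--run` flag, and the package names (`openscap-scanner` and `scap-security-guide` via yum on RHEL/CentOS, `libopenscap8` via apt on Debian/Ubuntu) are assumptions for illustration; check them against your distribution's repositories before relying on them.

```shell
#!/bin/sh
# Added example, not GovReady or OpenSCAP code. Platform detection for a
# hypothetical "govready install" wrapper. Package names are assumptions.

# detect_platform [KERNEL] [OS_RELEASE_PATH] [REDHAT_RELEASE_PATH]
# Prints one of: rhel, debian, macos, windows, unknown.
# The optional arguments let callers (and tests) inject uname output and
# release-file paths instead of probing the running host.
detect_platform() {
    kernel="${1:-$(uname -s 2>/dev/null)}"
    os_release="${2:-/etc/os-release}"
    redhat_release="${3:-/etc/redhat-release}"

    case "$kernel" in
        Darwin) echo macos; return 0 ;;
        CYGWIN*|MINGW*|MSYS*) echo windows; return 0 ;;
        Linux) ;;
        *) echo unknown; return 0 ;;
    esac

    if [ -r "$os_release" ]; then
        # ID plus ID_LIKE covers derivatives: CentOS has ID=centos and
        # ID_LIKE="rhel fedora"; Ubuntu has ID=ubuntu and ID_LIKE=debian.
        ids=$(grep -E '^(ID|ID_LIKE)=' "$os_release" | tr -d '"' | cut -d= -f2 | tr '\n' ' ')
        case " $ids " in
            *" rhel "*|*" fedora "*|*" centos "*) echo rhel; return 0 ;;
            *" debian "*|*" ubuntu "*) echo debian; return 0 ;;
        esac
    fi
    # RHEL/CentOS 6 predate os-release but ship /etc/redhat-release.
    if [ -r "$redhat_release" ]; then
        echo rhel; return 0
    fi
    echo unknown
}

# install_plan PLATFORM
# Prints the native scanner install command and returns 0, or prints VM
# guidance on stderr and returns 2 when no native OpenSCAP scanner is known.
install_plan() {
    case "$1" in
        rhel)   echo "yum install openscap-scanner scap-security-guide"; return 0 ;;
        debian) echo "apt-get install libopenscap8"; return 0 ;;
        *)
            echo "No native OpenSCAP scanner for '$1'." >&2
            echo "Run the scan inside a Linux VM (e.g. a Vagrant box) instead." >&2
            return 2 ;;
    esac
}

main() {
    plat=$(detect_platform)
    if cmd=$(install_plan "$plat"); then
        echo "Platform: $plat"
        echo "Install with: $cmd"
    else
        exit 2   # fail gracefully; the guidance was already printed on stderr
    fi
}

# Run only when invoked as a script with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

The non-zero exit on OS X and Windows is deliberate: a wrapper that silently continues without a scanner would produce an empty report, which is worse for a FISMA-naive user than a clear message pointing at a VM.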
