DISA has released a STIG for RHEL 7. redhatrises updated an overlay to account for the final release from DISA of RHEL7 STIG. What additional work, if any, needs to be done to SSG in order for oscap to be able to scan relative to the final DISA STIG for RHEL 7?
When I clone the github repository, run cmake and examine build/ssg-rhel7-ds.xml, it shows xccdf_org.ssgproject.content_rule_encrypt_partitions select="true" for profile *STIG for Red Hat Enterprise Linux 7 Server Running GUI*. When I load up the final RHEL7 STIG, I can't find any vulnerability related to unencrypted partitions. Am I missing the vulnerability in the STIG, or is the SSG adding security checks to the profile? Thanks, Chad _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
