On 12/12/2017 07:31 PM, Chuck Atkins wrote:
Hi Marek,

My apologies for the ranting tone, that was not my intent; it's just been a very frustrating transition with the SSG from RHEL6 + STIG -> RHEL7 + OSPP since what would easily be a well-documented single-command process to bring the first into compliance is not so clear-cut for the second.

    Basically - it's more about resources available, and not much about
    our agenda. And with Ansible remediations on par with bash, we
    should be able to fix both.


I'm all about having better, more easily maintained content. So, given the current state of things, what is the right way to use the SSG and its combined ansible and bash fix content to bring a RHEL7 machine into compliance with the OSPP profile?

Thanks.

It was not the intention to force (or lead) users to combine those two ways, so I would suggest sticking to what is more convenient for you - probably bash.

And you can try to use the newest upstream release [1]. It has more stuff fixed than what was shipped in RHEL7.4. (It looks like there are ~20 failing rules, and at least 3 of them are left failing by design; RHEL7.4 had ~30 rules failing.)

Hope it helps,
Marek


[1] https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.36