Look into SCAP Workbench to help build a custom security profile for your 
application.
https://www.open-scap.org/tools/scap-workbench/


Robert

From: Fen Labalme [mailto:fen.laba...@civicactions.com]
Sent: Thursday, March 1, 2018 10:00 PM
To: SCAP Security Guide <scap-security-guide@lists.fedorahosted.org>
Subject: Disabling specific bash remediations

The goal is to create a hardened EC2 server on AWS from scratch. After 
provisioning a new RHEL/7 instance on AWS, we run `yum -y update` followed by 
the bash remediations from SSG using:

  command: 'oscap xccdf eval --profile {{ scapprofile }} --remediate \
    --results-arf /tmp/results-arf.xml --report /tmp/report.html \
    /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'

But there are some remediations I don't want to run for an EC2 server such as 
install_smartcard_packages.sh and dracut-fips. Is there a way to prevent 
certain remediations from running?

Thanks,
=Fen
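
A customized profile of the kind SCAP Workbench saves is an XCCDF tailoring file; the sketch below is an added example, not part of the original thread or of the SSG project. It generates a tailoring file whose profile extends the base profile and deselects the unwanted rules, so `oscap ... --remediate` never evaluates or remediates them. The tailoring id, both profile ids and the dracut-fips rule id are placeholders, and the smartcard rule id is assumed from the script name in the question; confirm the real ids in the data stream or the HTML report.

```python
"""Added example: build an XCCDF 1.2 tailoring file that deselects rules."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
RULE_PREFIX = "xccdf_org.ssgproject.content_rule_"

# Constructed sample values (assumptions, not taken from a real data stream).
BENCHMARK = "/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml"
BASE_PROFILE = "xccdf_org.ssgproject.content_profile_PLACEHOLDER"
NEW_PROFILE = "xccdf_org.example_profile_ec2_custom"
SKIP = ["install_smartcard_packages", RULE_PREFIX + "PLACEHOLDER_dracut_fips"]


def build_tailoring(benchmark_href, base_profile, new_profile, skip_rules):
    """Return tailoring XML: new_profile = base_profile minus skip_rules."""
    if not skip_rules:
        raise ValueError("nothing to deselect")
    ET.register_namespace("xccdf", XCCDF_NS)

    def q(tag):
        return f"{{{XCCDF_NS}}}{tag}"

    root = ET.Element(q("Tailoring"), {"id": "xccdf_org.example_tailoring_ec2"})
    ET.SubElement(root, q("benchmark"), {"href": benchmark_href})
    # The version element carries a timestamp attribute.
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    ET.SubElement(root, q("version"), {"time": stamp}).text = "1"
    profile = ET.SubElement(
        root, q("Profile"), {"id": new_profile, "extends": base_profile}
    )
    ET.SubElement(profile, q("title")).text = "EC2 profile with rules deselected"
    for rule in sorted(set(skip_rules)):
        # Accept either a short rule name or a full XCCDF rule id.
        idref = rule if rule.startswith("xccdf_") else RULE_PREFIX + rule
        ET.SubElement(profile, q("select"), {"idref": idref, "selected": "false"})
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    with open("tailoring.xml", "w", encoding="utf-8") as fh:
        fh.write(build_tailoring(BENCHMARK, BASE_PROFILE, NEW_PROFILE, SKIP))
    # Then add to the original command:
    #   --tailoring-file tailoring.xml --profile <NEW_PROFILE id>
```

Running the script writes `tailoring.xml`; pass it with `--tailoring-file` and select the new profile id in place of the original one.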


