It may be over the top for your use case, but you might want to also look at the FOSS SIMP project https://simp-project.com (shameless SSG-related plug).
We target SSG compliance but it's eminently flexible and manages your system state over time instead of just at one time.

You can spawn an AWS instance using our base 6.1 load from the Marketplace to try it out.

Trevor

On Thu, Mar 1, 2018 at 10:59 PM, Fen Labalme <[email protected]> wrote:

> The goal is to create a hardened EC2 server on AWS from scratch. After
> provisioning a new RHEL/7 instance on AWS, we run `yum -y update` followed
> by the bash remediations from SSG using:
>
> command: 'oscap xccdf eval --profile {{ scapprofile }} --remediate \
> --results-arf /tmp/results-arf.xml --report /tmp/report.html \
> /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'
>
> But there are some remediations I don't want to run for an EC2 server such
> as install_smartcard_packages.sh and dracut-fips. Is there a way to
> prevent certain remediations from running?
>
> Thanks,
> =Fen
>
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
> To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
