[Open-scap] Ubuntu Security Guide content

2019-01-30 Thread Todd Williams


Hello,

I am new to SCAP and have been tasked with setting it up on an Ubuntu test
system.  It is running Ubuntu 18.04.1 LTS.  I have these 2 packages
installed:

libopenscap8/bionic,now 1.2.15-1build1 amd64 [installed]
scap-workbench/bionic,now 1.1.5-1 amd64 [installed]

I can bring up the GUI for the workbench, but with no security content I am
stuck as far as being able to run a scan and/or editing the security
requirements. According to the web site there is no security guide for
Ubuntu.

But I have been told that there is a package for Ubuntu out there, "apt-get
list" did not return anything, can someone tell me if there is or not?

Thanks,
Todd M. Williams
Unix System Admin, devIT-US,
AIX/Linux/CC/CQ/SPoRT/DB2
Phone: 772-257-5706 | Mobile: 772-925-2042
E-Mail: tod...@us.ibm.com
devIT


___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Re: [Open-scap] Hardening Redhawk 6.5

2019-01-30 Thread Boucher, William
Thanks, I'll take a look at that.

William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
4900 Lang Ave. NE, Suite 100
Albuquerque, NM 87109-9708
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
william.bouc...@mza.com

From: open-scap-list-boun...@redhat.com 
[mailto:open-scap-list-boun...@redhat.com] On Behalf Of Shawn Wells
Sent: Wednesday, January 30, 2019 2:16 AM
To: open-scap-list@redhat.com
Subject: Re: [Open-scap] Hardening Redhawk 6.5

On 1/29/19 11:14 PM, Boucher, William wrote:
> Hi folks,
>
> I've been tasked with applying the RedHat 6 STIG to several RedHawk 6.5 systems.
> Running oscap should be relatively easy, to see where a base install sits
> initially (RedHawk is RedHat with modifications for embedded realtime use).
> The RedHawk site talks about testing RedHawk performance after applying the
> RedHat STIG (in a white paper), but it makes no mention of how to apply it.

RedHawk Linux doesn't have a STIG or common criteria, so not sure what security
configuration guides (if any) are available.

If the RHEL STIGs can be applied to it, akin to CentOS, the ComplianceAsCode
user guide might be helpful:

https://github.com/ComplianceAsCode/content/blob/master/docs/manual/user_guide.adoc

Specifically remediation section:
https://github.com/ComplianceAsCode/content/blob/master/docs/manual/user_guide.adoc#remediation

> Applying it manually is an option, but I'd sure like to automate some.
> But my question really concerns adding packages (like selinux). RedHawk
> discourages using yum (with the RedHat repositories) to update packages, as
> there may be incompatibilities between the standard packages and the RedHawk
> modifications to the OS.
> Perhaps I should direct this question to RedHawk support, but I thought I'd ask
> it here first to get your input.

Not sure how RedHawk works. If they're layering RedHawk software on top of Red
Hat instances, then you'd have a Red Hat subscription for every node (and could
ask Red Hat support). If RedHawk is distributing their own independent Linux
distro, it'd be appropriate to query them about package management.


Re: [Open-scap] Hardening Redhawk 6.5

2019-01-30 Thread Shawn Wells


On 1/29/19 11:14 PM, Boucher, William wrote:
> Hi folks,
>
> I’ve been tasked with applying the RedHat 6 STIG to several RedHawk
> 6.5 systems.
>
> Running oscap should be relatively easy, to see where a base install
> sits initially (RedHawk is RedHat with modifications for embedded
> realtime use).
>
> The RedHawk site talks about testing RedHawk performance after
> applying the RedHat STIG (in a white paper), but it makes no mention
> of how to apply it.

RedHawk Linux doesn't have a STIG or common criteria, so not sure what
security configuration guides (if any) are available.

If the RHEL STIGs can be applied to it, akin to CentOS, the
ComplianceAsCode user guide might be helpful:

https://github.com/ComplianceAsCode/content/blob/master/docs/manual/user_guide.adoc

Specifically remediation section:
https://github.com/ComplianceAsCode/content/blob/master/docs/manual/user_guide.adoc#remediation

> Applying it manually is an option, but I’d sure like to automate some.
>
> But my question really concerns adding packages (like selinux).
> RedHawk discourages using yum (with the RedHat repositories) to update
> packages, as there may be incompatibilities between the standard
> packages and the RedHawk modifications to the OS.
>
> Perhaps I should direct this question to RedHawk support, but I
> thought I’d ask it here first to get your input.

Not sure how RedHawk works. If they're layering RedHawk software on top
of Red Hat instances, then you'd have a Red Hat subscription for every
node (and could ask Red Hat support). If RedHawk is distributing their
own independent Linux distro, it'd be appropriate to query them about
package management.


