Hi,
You're correct that SCAP Security Guide was not shipped as a package in Ubuntu
16.04, but it is
shipped in Ubuntu 18.04.
The file “U_Canonical_16-04_LTS_V1R1_STIG.zip" is a different content, which
isn't provided by
SCAP Security Guide project, but is provided by DISA.
Regards
Jan Černý
OK! I downloaded the latest scap-security-guide source from Git and built it
for Ubuntu 1604. It compiles and runs!
Next challenge, during the compile it had trouble scanning the Oval file for
controls it was to evaluate, and it marked all of those it didn’t find as “not
applicable”. So I got a
We have been using the RPMs distributed by Redhat to run oscap and evaluate the
DISA STIG for Red Hat Enterprise Linux 7 profile. The latest version of the
scap-security-guide RPM we have is 0.1.40-12, which has V1R4 of that profile.
There is a V2R1, and, even a V2R2 version. Are RPMs for those
I just took a look at OpenSCAP and
ComplianceAsCode.
I obtained results that were at
variance with yours, and which failed to attain Glorious Victory.
Some comments inline.
On 1/23/19 10:10 AM, Boucher, William
wrote: