Re: [Open-scap] Windows Support

2017-02-14 Thread Watson Yuuma Sato
On 13/02/17 20:32, Lubell, Joshua (Fed) wrote: I'm excited about the planned Windows support! Hi, happy to hear that. My particular interest relates to the SCAP Security Guide project. Specifically, I would like to be able to experiment with the SSG source and possibly contribute to SSG in

[Open-scap] SCAP Workbench 1.1.4

2017-01-13 Thread Watson Yuuma Sato
Hi, A new release of SCAP Workbench is out! This release brings a lot of bug fixes and improvements, including a lot of UX improvements and fixes for inappropriate error messages (fetch remote resources and query capabilities). Keep in mind that Windows and MacOSX builds use unreleased

[Open-scap] SCAP Security Guide 0.1.32

2017-03-30 Thread Watson Yuuma Sato
Hello folks, We have the pleasure to announce that SCAP Security Guide version 0.1.32 has has been release. Highlights of this release: * New CMake build system * Improved NIST 800-171 profile * Initial RHVH profile * New CPE to identify systems like machines (bare-metal and VM) and

Re: [Open-scap] OpenSCAP for embedded/network devices

2017-03-15 Thread Watson Yuuma Sato
On 25/02/17 16:43, Lee Wilson wrote: Hi Everyone, Hi Lee, sorry for delayed response. I've recently come across OpenSCAP after wasting my time with openVAS as a means of improving the way my company does vulnerability and configuration management of our network devices (e.g. Cisco,

Re: [Open-scap] Open-scap-list Digest, Vol 96, Issue 8

2017-03-20 Thread Watson Yuuma Sato
Hi Greg, On 17/03/17 21:06, Greg Silverman (CS) wrote: Still having problems, the generated script is an empty file. Here is the tailoring file I created, ssg-rhel7-ds-tailoring.xml, with the workbench. It is just an example, to verify I can customize the scanning and fix generation. This

Re: [Open-scap] OpenSCAP for embedded/network devices

2017-03-16 Thread Watson Yuuma Sato
On 15/03/17 17:24, Eric Holtzclaw wrote: You do have support for Cisco http://www.cisco.com/c/en/us/about/security-center/oval-security-automation.html I see that Cisco provides OVAL content to scan their devices, and even provides an example of how to do so, but using joval, which can

[Open-scap] SCAP Security Guide 0.1.34

2017-06-29 Thread Watson Yuuma Sato
Hello folks, We have the pleasure to announce that SCAP Security Guide version 0.1.33 has been released. Highlights of this release: * Unification of where templates and csv reside * Optimization and clean up of build system * Lots of Ansible remediations added * Bash remediation functions

[Open-scap] SCAP Security Guide 0.1.33

2017-05-03 Thread Watson Yuuma Sato
Hello folks, We have the pleasure to announce that SCAP Security Guide version 0.1.33 has been released. Highlights of this release: * DISA RHEL7 STIG profile alignment improved * Introduction of remediation roles * RPM and DEB test packages are built by CMake with CPack * Lots of remediation

[Open-scap] SCAP Security Guide 0.1.35

2017-08-29 Thread Watson Yuuma Sato
Hello folks, We have the pleasure to announce that SCAP Security Guide version 0.1.35 has been released. Highlights of this release: * Remove Red Hat Enterprise Linux 5 content due to being End-of-Life March 31, 2017 * Added several templates for OVAL checks * Removal of input directory

[Open-scap] SCAP Security Guide 0.1.36

2017-10-31 Thread Watson Yuuma Sato
Hello folks, We have the pleasure to announce that SCAP Security Guide version 0.1.36 has been released. Highlights of this release:  * Introduction of SCAP Security Guide Test Suite  * Better alignment of RHEL6 and RHEL7 with DISA STIG  * Remove JBoss EAP5 content due to being End-of-Life  *

[Open-scap] Fedora Updates for SCAP Security Guide

2018-05-08 Thread Watson Yuuma Sato
Hello, There are Fedora updates for SCAP Security Guides package updating it to latest upstream, version 0.1.39. Fedora 28 - https://bodhi.fedoraproject.org/updates/FEDORA-2018-3f713ee7a8 Fedora 27 - https://bodhi.fedoraproject.org/updates/FEDORA-2018-9516859f4b Fedora 26 -

[Open-scap] SCAP Security Guide 0.1.39

2018-05-02 Thread Watson Yuuma Sato
Hello folks, We have the pleasure to announce that SCAP Security Guide version 0.1.39 has been released. Highlights of this release: * XCCDF Rules moved to yaml format * Jinja2 templating for Rules, Checks and remediation introduced * Profile IDs simplified * Product Oracle Linux 7 added *

Re: [Open-scap] SCAP workbench on Windows 7

2018-01-11 Thread Watson Yuuma Sato
On 11/01/18 13:44, Sachin Vyas wrote: Hello, Could someone please help how to set up Scap Workbench on Windows 7 to perform remote machine scan using public-private key. I have not been able to resolve the win-ssh-askpass prompt issue. Thanks, Sachin

Re: [Open-scap] Patches on Red Hat 6

2018-01-11 Thread Watson Yuuma Sato
On 10/01/18 19:40, Jordi Llorens wrote: Hi  I've received FAIL on the :  Ensure Software Patches Installed  I have Internet connection. You might have a package that is not updated, please make sure they are.  This is the result of a Yum  repolist command execution : Loaded plugins:

Re: [Open-scap] SCAP workbench on Windows 7

2018-01-11 Thread Watson Yuuma Sato
On 11/01/18 14:40, Watson Yuuma Sato wrote: But if you are going to setup a remote Linux machine, it might be easier to just use CLI oscap-ssh, which is what SCAP Workbench relies on. Sorry, SCAP Workbench does not rely on oscap-ssh. But you still can use it if on remote Linus machine

Re: [Open-scap] Patches on Red Hat 6

2018-01-10 Thread Watson Yuuma Sato
On 10/01/18 18:24, Jordi Llorens wrote: Hello   I'm using a SCAP Workbench 1.1.5 (OpenScap 1.3.0)   I want to check in a remote  Red Hat Server 6 the level of patches installed.  I've tried several profiles with no luck. Can you tell me wich profile can I use for check this? Hello, Any

Re: [Open-scap] SCAP workbench on Windows 7

2018-01-18 Thread Watson Yuuma Sato
wrote: Subject: Re: [Open-scap] SCAP workbench on Windows 7 To: open-scap-list@redhat.com, "Watson Yuuma Sato" <ws...@redhat.com> Date: Thursday, January 11, 2018, 4:23 PM Thank you for the response. SCAP workbench installed under C:\Program Files (x86)\scap-

Re: [Open-scap] RHEL 7 GRUB2 boot password

2018-01-25 Thread Watson Yuuma Sato
On 24/01/18 21:05, Dan White wrote: "superusers should be root, admin or administrator" Are you sure it shouldn't be "superusers should *NOT* be root, admin or administrator" ? You are correct, the superuser should not be root, admin nor administrator. I changed mine from "root" to

Re: [Open-scap] oscap-ssh use questions

2018-02-06 Thread Watson Yuuma Sato
On 06/02/18 15:58, Watson Yuuma Sato wrote: Also, is there any way to push the oval file to the remote server being scanned rather than it trying to reach out to redhat.com and failing ? Currently, there is no way to do that via oscap-ssh. For the time being, a workaround that can work

Re: [Open-scap] oscap-ssh use questions

2018-02-06 Thread Watson Yuuma Sato
On 26/01/18 19:39, Dan White wrote: Hello Dan, sorry for late response A two question head-scratcher: "admin" has sudo-NOPASSWD permissions and an ssh key pair in place. The scan works, but what do I need to change to get the results pulled back to the server sending the command ? This is a

[Open-scap] SCAP Security Guide 0.1.37

2018-01-03 Thread Watson Yuuma Sato
Hello folks, We have the pleasure to announce that SCAP Security Guide version 0.1.37 has been released. Highlights of this release: * New Profile DISA STIG for Apache HTTP for RHEL7 * Support for Ansible remediations in SSG Test Suite * Better content support for DISA STIG Viewer For a more

Re: [Open-scap] syslog-ng setting issue in debian 8

2018-08-29 Thread Watson Yuuma Sato
On 29/08/18 11:05, Dhanushka Parakrama wrote: Hi  Team Hello Dhanushka, What version of SSG are you using? This looks like a bug on 0.1.40 release, the package and service names used in bash remediation for syslog-ng are different than your commands, we use "syslogng" for package and

Re: [Open-scap] Scanning Ubuntu / Debian servers with openscap

2018-08-27 Thread Watson Yuuma Sato
Hello Dhanushka, On 23/08/18 15:43, Dhanushka Parakrama wrote: Hi Marek and All Thanks for the input , I downloaded https://github.com/OpenSCAP/scap-security-guide/releases  and  ran the scan on *Ubuntu 14.04.1 LTS *machine but got following error in the output  , Is there any reason for

Re: [Open-scap] syslog-ng setting issue in debian 8

2018-08-29 Thread Watson Yuuma Sato
On 29/08/18 11:35, Dhanushka Parakrama wrote: Hi  Watson On Wed, 29 Aug 2018 at 14:51, Watson Yuuma Sato <mailto:ws...@redhat.com>> wrote: On 29/08/18 11:05, Dhanushka Parakrama wrote: Hi  Team Hello Dhanushka, What version of SSG are you using? This looks l

Re: [Open-scap] Ensure Log Files Are Owned By Appropriate Group setting Issue in Debian 8

2018-09-10 Thread Watson Yuuma Sato
018 at 18:28, Watson Yuuma Sato <mailto:ws...@redhat.com>> wrote: On 29/08/18 18:34, Dhanushka Parakrama wrote: Hi  Team We have ran the scan for debian 8 using below command *oscap  xccdf eval   --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high

Re: [Open-scap] Ensure Log Files Are Owned By Appropriate Group setting Issue in Debian 8

2018-08-31 Thread Watson Yuuma Sato
On 29/08/18 18:34, Dhanushka Parakrama wrote: Hi  Team We have ran the scan for debian 8 using below command *oscap  xccdf eval   --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html  ssg-debian8-ds.xml* * * Got alerts as below , === * *

[Open-scap] SCAP Security Guide 0.1.38

2018-03-02 Thread Watson Yuuma Sato
Hello folks, We have the pleasure to announce that SCAP Security Guide version 0.1.38 has been released. Highlights of this release: * New License - BSD-3 Clause * New Profiles for development introduced:     * ANSSI     * HIPAA     * C2S-Docker * Adoption of CTest for schema validation *

[Open-scap] Fedora updates for SCAP Security Guide 0.1.41

2018-10-01 Thread Watson Yuuma Sato
Hello, I've proposed updates to Fedora packages for scap-security-guide-0.1.41. If you can, please, test and provide karma. Fedora 29 - https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d60f79d06 Fedora 28 - https://bodhi.fedoraproject.org/updates/FEDORA-2018-bad4ea7d4f Thank you for your

[Open-scap] SCAP Security Guide 0.1.41

2018-10-01 Thread Watson Yuuma Sato
Hello everybody, We have the pleasure to announce release of SCAP Security Guide 0.1.41. Although it is named SCAP Security Guide, the project is now under ComplianceAsCode organization (https://github.com/ComplianceAsCode/content). For more on this move, see

Re: [Open-scap] Set SSH Idle Timeout Interval Debian 8

2018-08-30 Thread Watson Yuuma Sato
On 29/08/18 19:00, Dhanushka Parakrama wrote: Guys Hello Dhanushka, The "anssi_np_nt28_high profile" extends "anssi_np_nt28_restrictive", which "extends anssi_np_nt28_average". And "average" Profile sets value "sshd_idle_timeout_value=5_minutes", i.e. 300. So value 400 for