RHEL 7 Draft SSG Scans on a SIMP System


Trevor Vaughan

Jan 3, 2017, 3:24:48 PM
to SCAP Security Guide, SIMP Users
Hi All,

We've recently finished running the Draft RHEL 7 STIG against an instance of SIMP running atop Puppet Enterprise and thought that the results might be of interest.



We would certainly be interested in discussion regarding any items marked with "Suggest SSG Feedback" and we will be incorporating the reports into our core documentation right after we fix the findings.

On a slightly side note, I'm now collecting banners for SIMP, if you have one you'd like to donate, PRs are most welcome to https://github.com/simp/pupmod-simp-issue (look in the 'files' directory).

Thanks,

Trevor

--
Trevor Vaughan
Vice President, Onyx Point, Inc

-- This account not approved for unencrypted proprietary information --

Shawn Wells

Jan 3, 2017, 10:48:05 PM
to Trevor Vaughan, SCAP Security Guide, SIMP Users


On 1/3/17 3:24 PM, Trevor Vaughan wrote:
> Hi All,
>
> We've recently finished running the Draft RHEL 7 STIG against an
> instance of SIMP running atop Puppet Enterprise and thought that the
> results might be of interest.
>
> The server scan can be found
> at: https://github.com/trevor-vaughan/ssg-scans/blob/master/2016-12-22-rhel-7-draft-stig-simp-6.0.0-Alpha-server-with-puppet-enterprise-report.md
>
> The client scan can be found
> at: https://github.com/trevor-vaughan/ssg-scans/blob/master/2016-12-22-rhel-7-draft-stig-simp-6.0.0-Alpha-client-report.md
>
> We would certainly be interested in discussion regarding any items
> marked with "Suggest SSG Feedback" and we will be incorporating the
> reports into our core documentation right after we fix the findings.
>
> On a slightly side note, I'm now collecting banners for SIMP, if you
> have one you'd like to donate, PRs are most welcome
> to https://github.com/simp/pupmod-simp-issue (look in the 'files'
> directory).
>

Holy crap, this feedback looks awesome! Wanted to acknowledge we got
it.... but you'll likely find responses slow as most @redhat.com staff
returned today from 1-1.5 weeks of corporate holiday shutdown. Thanks
for starting the thread! Speaking for myself, I'll likely have time to
review (in detail) Thursday.

Trevor Vaughan

Jan 4, 2017, 3:06:07 PM
to Nathanael D. Noblet, SCAP Security Guide, SIMP Users
Hi Nathanael,

Thanks for pointing that out. That would be me copy/pasting the wrong line from my crontab :-|.

I'll PR that correction into the reports.

Trevor

On Wed, Jan 4, 2017 at 11:19 AM, Nathanael D. Noblet <nath...@gnat.ca> wrote:
Hello,

  I was just skimming the server scan results and noticed the
following. I haven't the foggiest idea what it could imply but seemed
odd.

Under https://github.com/trevor-vaughan/ssg-scans/blob/master/2016-12-22-rhel-7-draft-stig-simp-6.0.0-Alpha-server-with-puppet-enterprise-report.md#configure-periodic-execution-of-aide


It talks about enabling aide via cron, but the Notes have this:

32 5 * * 0 /bin/nice -n 19 /usr/bin/clamscan -l /var/log/clamscan.log --official-db-only=yes -r --no-summary -i --bytecode-timeout=60000 --max-files=10000 --max-filesize=25M --max-scansize=100M --max-recursion=16 --max-dir-recursion=15 /tmp /var/tmp /dev/shm

Which seems completely unrelated to aide...

--
Nathanael

Trevor Vaughan

Jan 4, 2017, 3:16:54 PM
to Shawn Wells, SCAP Security Guide, SIMP Users
No problem, just wanted to get it out there when I got it!

Glad that it will be helpful.

Trevor



Trevor Vaughan

Jan 5, 2017, 10:59:10 AM
to Nathanael D. Noblet, SCAP Security Guide, SIMP Users
Just wanted to let you know that I've updated this section. Thanks for letting me know.

On Wed, Jan 4, 2017 at 11:19 AM, Nathanael D. Noblet <nath...@gnat.ca> wrote:
Hello,

  I was just skimming the server scan results and noticed the
following. I haven't the foggiest idea what it could imply but seemed
odd.

Under https://github.com/trevor-vaughan/ssg-scans/blob/master/2016-12-22-rhel-7-draft-stig-simp-6.0.0-Alpha-server-with-puppet-enterprise-report.md#configure-periodic-execution-of-aide


It talks about enabling aide via cron, but the Notes have this:

32 5 * * 0 /bin/nice -n 19 /usr/bin/clamscan -l /var/log/clamscan.log --official-db-only=yes -r --no-summary -i --bytecode-timeout=60000 --max-files=10000 --max-filesize=25M --max-scansize=100M --max-recursion=16 --max-dir-recursion=15 /tmp /var/tmp /dev/shm

Which seems completely unrelated to aide...

--
Nathanael


Samuel Vange

Jan 6, 2017, 7:11:23 PM
to SIMP Users
This is great! Thank you!