On Wed, Jul 23, 2014 at 5:56 AM, Christian Beer
<
cb.mai...@googlemail.com> wrote:
> Hi I downloaded the Benchmark paper and tool a quick look.
>
> The question is what is to do? As I understand the document one has to
> copy the script snippets from the audit sections into the CIS text files
> and annotate with some information, right?
>
> This seems to me like a copy&paste job and a pull request on github.
>
I'd start by copying one of the older files, modifying the OS version
check to work with the version you want to check. Then adjust as new
alerts come in.
I think I'll give this a shot with Centos 7 and report back.
> Regards
> Christian
>
> Am 23.07.2014 10:31, schrieb Michiel van Es:
>> Hello,
>>
>> We see that OSSEC does some CIS checks for Red Hat 5 and older.
>> Is it possible to update the CIS checks in OSSEC to do CIS checks for
>> RHEL 6 etc?
>> (
http://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.120)
>> This helps with PCI-DSS v3 compliance (2.2).
>>
>> Or is it easy to add these checks yourself or are they on the planning
>> to be included in a new release?
>>
>> Michiel
>>
>> --
>>
>> ---
>> You received this message because you are subscribed to the Google
>> Groups "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send
>> an email to
ossec-list+...@googlegroups.com
>> <mailto:
ossec-list+...@googlegroups.com>.
>> For more options, visit
https://groups.google.com/d/optout.
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
ossec-list+...@googlegroups.com.