I noticed that the majority of the rule definitions now have NIST 800-53 identifiers or an empty set of quotes where an identifier will be added. Is there a way to get the already-added identifiers to show-up on the .html scan results? At the moment all I can see is the CCE number.
Double posting to Scap-Security-Guide and OpenSCAP mailing list...
Can I get a show of hands a late September or early October, one or two day code-a-thon around baseline configurations and integrating compliance tools with DevOps?
The space of SCAP, baselines, and general integration of security with DevOps seems to be getting frothy lately with activity. Examples: http://bit.ly/DevOpsAudit, OpenSCAP on Github, https://github.com/fisma-ready/ubuntu-lts. We also have some work, like http://martin.preisler.me/2014/07/openscap-html-report-redesign/ that could benefit from some shared face time and coding.
I think there would be a nice turn out in DC for such an event.
Sent from my iPhone
I have been trying to get oscap working on my CentOS6.5 network core,
Everything comes back with "Result notapplicable".
I am pretty new to SCAP and XCCDF, but am a long-time user of Nessus and
Security Center (prior to ACAS program by DISA).
Does anyone have suggestions where I can find some in depth guidance to
adjust the rhel6 configs to CentOS?
Jeffrey D. Pettorino, GCIH, CISSP
High Performance Computing Research Center
United States Air Force Academy
The use of the Unix philosophy just for UNIX was a great waste.
Fortunately, Linux came along.
- Bellevue Linux User Group member, 2005
These patches fix some OVAL false positives for SSH configuration checks that were showing that they had passed even when they were not configured in sshd_config.
[bugfix] - disable_host_auth OVAL false positive
[bugfix] - sshd_disable_rhosts OVAL false positive
[bugfix] - sshd_disable_root_login OVAL false positive
shared/oval/disable_host_auth.xml | 4 ++--
shared/oval/sshd_disable_rhosts.xml | 4 ++--
shared/oval/sshd_disable_root_login.xml | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
Add oval for aide to check that it is running in a cron job.
This is a resubmit.
add aide cron oval check
.../6/input/checks/aide_periodic_cron_checking.xml | 39 ++++++++++++++++++++++
.../fixes/bash/aide_periodic_cron_checking.sh | 1 +
RHEL/6/input/system/software/integrity.xml | 1 +
3 files changed, 41 insertions(+)
create mode 100644 RHEL/6/input/checks/aide_periodic_cron_checking.xml
create mode 100644 RHEL/6/input/fixes/bash/aide_periodic_cron_checking.sh
These are David Smith's changes emailed to the scap-security-guide list on Thu
Jul 17 18:21:29 UTC 2014, but applied to the RHEL/7 directory. Also I found a
typo and fixed it both in RHEL/6 and RHEL/7.
I'm attempting to send these patches using Outlook. This may fail.
Jared Jennings (4):
correct punctuation error in NIST SP800-53 reference
updated transforms to reflect 800-53 rev4
updated 800-53 control references (services)
updated 800-53 control references (system)
RHEL/6/input/system/auditing.xml | 2 +-
RHEL/7/input/services/base.xml | 18 ++++----
RHEL/7/input/services/obsolete.xml | 28 +++++++-------
RHEL/7/input/services/ssh.xml | 4 +-
RHEL/7/input/system/auditing.xml | 58 ++++++++++++++--------------
RHEL/7/input/system/network/ipsec.xml | 2 +-
RHEL/7/input/system/network/kernel.xml | 2 +-
RHEL/7/input/system/network/wireless.xml | 8 ++--
RHEL/7/input/system/software/integrity.xml | 12 +++---
RHEL/7/transforms/constants.xslt | 2 +-
RHEL/7/transforms/xccdf2html.xslt | 4 +-
11 files changed, 70 insertions(+), 70 deletions(-)