scap-security-guide@lists.fedorahosted.org

14 participants
14 discussions

Question regarding EL7 gnome/dconf remediation strategy

by Sean

Hi all, I have been carefully watching the EL7 security guide remediation development over the past few months hoping to get a leg up on the first release of the EL7 DISA-STIG. I have really enjoyed the work all of the contributors are putting in, at times the remediations have driven me to look at solving other problems in more graceful ways! So thank you for all the collective knowledge being put into this project! So onto the question... I was looking at the gnome gui related items and how dconf has replaced gconftool-2. I have already used dconf db files to tweak gnome desktops and wonder if my testing strategy is faulty, or if there is a shortcoming in limiting your search of dconf files to the local.d directory, and perhaps not including the site.d directory as well. Let's take the screensaver idle-delay as an example. It seems that profiles typically follow this pattern: user->local->site. It's been my experience through some basic testing of the possibilities, that when a site level idle-delay and lock is in place, it overrides the local level idle-delay and lock configuration the remediation would assert. This would mean that the setting not comply with the SCAP test but still pass the test, right? Does the community see this as an issue? Or perhaps this is designed to allow for deviation from the standard? Thanks for your input, and again especially for all the effort put in! --Sean

8 years, 4 months

2
2
0 / 0

SCAP Security Guide 0.1.27 is the latest stable release (to search for download from now on)

by Jan Lieskovsky

Hello folks, since it has been again almost two months since the last SSG release (SCAP Security Guide 0.1.26 has been released Mon Oct 19-th 2015), and since there have been pretty lot of code changes during this period, let me introduce the latest stable SCAP Security Guide 0.1.27 release: Highlights of this release include: New CNSS No. 1253 Profile for Red Hat Enterprise Linux 6, New C2S (CIS) Profile for Red Hat Enterprise Linux 7, New Debian/8 (Jessie) product and initial benchmark for it, (Thanks to Jean-Baptiste Donnette and Philippe Thierry for the work on this!) Improved (more granular) mapping of official PCI DSS v3 standard to the PCI DSS profile for Red Hat Enterprise Linux 7, Finished (OVALs, and selected remediations) for PCI DSS profile for Red Hat Enterprise Linux 6. More granular mapping of official rules to come yet. Other numerous XCCDF, OVAL, and remediation scripts enhancements and bug fixes. Be sure to check a more detailed Changelog / Release Notes at: [1] https://github.com/OpenSCAP/scap-security-guide/releases/tag/v0.1.27 and test the code: [2] https://github.com/OpenSCAP/scap-security-guide/archive/v0.1.27.tar.gz (tarball) [3] https://github.com/OpenSCAP/scap-security-guide/releases/download/v0.1.27... (DataStream formatted pre-built Zip archive using 5.11 as OVAL language schema version), [4] https://github.com/OpenSCAP/scap-security-guide/releases/download/v0.1.27... (DataStream formatted pre-built Zip archive using 5.10 as OVAL language schema version). Should you find any issue(s), be sure to report it(them): [5] https://github.com/OpenSCAP/scap-security-guide/issues/new Happy hardening! Regards, Jan. -- Jan iankko Lieskovsky (on behalf of the SCAP Security Guide upstream team) P.S.: Full list of issues / PRs closed within this release is reachable at: [6] https://github.com/OpenSCAP/scap-security-guide/issues?q=milestone%3A0.1.27

8 years, 4 months

1
0
0 / 0

Re: XCCDF variables associated with "sysctl_net_ipv4_conf_*" do not seem to be getting used.

by S, Gautam

Hello Simon, Thank you for looking into this! I will start trying out the changes. Best Regards, Gautam.

8 years, 4 months

1
0
0 / 0

Verbose mode in OpenSCAP 1.2.7

by Jan Cerny

Hello, I have written a short article about verbose mode in OpenSCAP. http://www.jan-cerny.cz/2015/12/09/verbose-mode-in-openscap-1-2-7/ Jan Černý Security Technologies | Red Hat, Inc.

8 years, 4 months

1
0
0 / 0

← Newer
1
2
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

scap-security-guide December 2015