Hi, it ended up going well. I am not able to share my entire comparison sheet but security
has granted me permission to list some important instances where SCAP does not compare to
our SECSCN control selections.
1) Remove rhost support in PAM config files
2) Ensure x-server is configured to prevent listening on port 6000/TCP
3) Check the TCP max_syn_backlog setting
4) Verify no legacy + entries exist in passwd, shadow or group files
I am told I will be receiving a more expansive set of controls sometime in the next
couple weeks which may add to or omit elements of my current requirements. Does anyone
know where I may have missed a corresponding rule?
Luke K
________________________________________
From: scap-security-guide-bounces(a)lists.fedorahosted.org
[scap-security-guide-bounces(a)lists.fedorahosted.org] on behalf of Shawn Wells
[shawn(a)redhat.com]
Sent: Monday, November 18, 2013 5:01 PM
To: scap-security-guide(a)lists.fedorahosted.org
Subject: Re: EXTERNAL: Re: SECSCN and all_rules profile
On 11/12/13, 4:49 PM, Kordell, Luke T wrote:
Thank you for all the useful feedback! I am actually comparing the
SCAP rules against SECSCNcontrols that have already been selected. My team may choose to
utilize additional SCAP scans as we see fit, but my minimum requirements are somewhat
straight-forward. I realize that many of the controls are open to interpretation but I
think in some of these cases a series of SCAP rules can be called to check all aspects.
For instance one of our user account configuration control requirements can be covered by
calling two SCAP rules. I know this may not work in all cases, but to me it's worth
putting in the time to connect all the dots. In some situations SCAP seems more precise
than SECSCN which can make the two difficult to compare.
How'd the comparison go? Many parties would love to read your comments!
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide