Nathanael;
I actually posted a very similar query earlier today. I found the reference that allowed
me to have RHEL SCAP content run on CentOS systems at this link:
https://www.redhat.com/archives/spacewalk-list/2014-November/msg00007.html
My earlier query is in attempt to help me better understand WHY the linked fix works. I am
striving to understand the interrelationships of the various SCAP components.
I hope the above link answers your question.
-Les
Subject: Running RHEL checks on CentOS
From: nathanael(a)gnat.ca
To: scap-security-guide(a)lists.fedorahosted.org
Date: Thu, 8 Jan 2015 13:19:14 -0700
Hello,
I've been looking at how to run the rhel checks against centos
machines and as I'm very much new to the SCAP world not making much
progress. I've been on IRC as gnat42 and have received quite a bit of
help there. Ultimately I have two goals.
#1) Become more proficient at setting up servers in a secure manner that
can be easily audited. I'm looking at a few different tools for this
openscap / scap-workbench being in the mix.
#2) Run the checks against Centos the same as RHEL.
#3) Be able to test a system against "approved security standards".
There are the guides from scap-security-guide. However there's PCI,HIPAA
and various others that would be nice to be able to use if possible. I'm
guessing I need to be better at #1 before I can do this. As I'm still
learning all the different file formats.
So for now #1 & #2 are my focus. How can I run the SSG basic profiles
against a Centos (v6 or v7) machine? I'm fine running them directly on
the machines or through scap-workbench via a Fedora 21 workstation. I'm
proficient at rebuilding packages if that will help. I'm fairly well
experienced with linux but not with high-end enterprise certifications /
infrastructure requirements etc...
Thanks in advance for any help!
--
Nathanael
--
SCAP Security Guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/