Greetings Awesome Scap Security Guide Developers,
I've been looking at this project and it is very exciting to see the work you are doing here. Thank you so much for helping make Linux more secure.
I'm not sure how all this works, so please forgive me in advance.
I've attached some tweaks to some of the RHEL 7 remediation scripts that might be useful.
Here are some issues that I didn't see an easy fix for found will testing this on CentOS 7. Bugs:
* Enable Randomized Layout Virtual Address Space check is failing, despite being applied (content_rule_sysctl_kernel_randomize_va_space)
* Accounts password PAM retry check failing, despite being applied (content_rule_accounts_password_pam_retry)
* Mount option var temp bind check failing, despite being applied (content_rule_mount_option_var_tmp_bind)
Features Request:
* In the html report, add a Group rules by "STIG number" "RHEL-07-TBD"
Thank you so much for your work on this!
[Astronics-BT-Logo-Signature]http://www.ballardtech.com/ Molly Jo Bault | Design Engineer 11400 Airport Rd Ste 201 | Everett, WA 98204 | USA | P: +1.425.339.0281 x123 | F: +1.425.339.0915
This E-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return E-mail.
Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
Forwarding email from SSG ML queue (it wasn't possible to accept it directly via SSG ML admin iface due to "Message not found" error).
Thanks, Jan -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
----- Forwarded Message ----- From: "Molly Jo Bault" MollyJo.Bault@ballardtech.com To: scap-security-guide@lists.fedorahosted.org Sent: Thursday, July 14, 2016 10:26:36 PM Subject: CentOS 7 SSG Remediation Test Results
Greetings Awesome Scap Security Guide Developers,
I’ve been looking at this project and it is very exciting to see the work you are doing here. Thank you so much for helping make Linux more secure.
I’m not sure how all this works, so please forgive me in advance.
I’ve attached some tweaks to some of the RHEL 7 remediation scripts that might be useful.
Here are some issues that I didn’t see an easy fix for found will testing this on CentOS 7.
Bugs:
· Enable Randomized Layout Virtual Address Space check is failing, despite being applied (content_rule_sysctl_kernel_randomize_va_space)
· Accounts password PAM retry check failing, despite being applied (content_rule_accounts_password_pam_retry)
· Mount option var temp bind check failing, despite being applied (content_rule_mount_option_var_tmp_bind)
Features Request:
· In the html report, add a Group rules by “STIG number” “RHEL-07-TBD”
Thank you so much for your work on this!
Molly Jo Bault | Design Engineer 11400 Airport Rd Ste 201 | Everett, WA 98204 | USA | P: +1.425.339.0281 x123 | F: +1.425.339.0915
This E-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return E-mail.
Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
----- Original Message -----
From: "Molly Jo Bault" MollyJo.Bault@ballardtech.com To: scap-security-guide@lists.fedorahosted.org Sent: Thursday, July 14, 2016 4:26:36 PM Subject: CentOS 7 SSG Remediation Test Results
Greetings Awesome Scap Security Guide Developers,
I've been looking at this project and it is very exciting to see the work you are doing here. Thank you so much for helping make Linux more secure.
I'm not sure how all this works, so please forgive me in advance.
I've attached some tweaks to some of the RHEL 7 remediation scripts that might be useful.
Here are some issues that I didn't see an easy fix for found will testing this on CentOS 7. Bugs:
Enable Randomized Layout Virtual Address Space check is failing,despite being applied (content_rule_sysctl_kernel_randomize_va_space)
Accounts password PAM retry check failing, despite being applied(content_rule_accounts_password_pam_retry)
Mount option var temp bind check failing, despite being applied(content_rule_mount_option_var_tmp_bind)
Features Request:
In the html report, add a Group rules by "STIG number""RHEL-07-TBD"
Thank you so much for your work on this!
[Astronics-BT-Logo-Signature]http://www.ballardtech.com/ Molly Jo Bault | Design Engineer 11400 Airport Rd Ste 201 | Everett, WA 98204 | USA | P: +1.425.339.0281 x123 | F: +1.425.339.0915
Hi Molly,
your patch looks awesome, kudos! We use the github pull request workflow when reviewing and accepting changes. Would you please consider splitting the patch up into smaller commits and submitting a pull request at https://github.com/OpenSCAP/scap-security-guide ?
That would make it much easier for us to run continuous integration tests, review and merge.
scap-security-guide@lists.fedorahosted.org
-
Bault, Molly Jo -
Jan Lieskovsky -
Martin Preisler