I've been using the SCAP Security Guide for the past two years to manage
the lock down and deployment of EL7 machines in our lab and one of the best
features I've seen is the move from a single "STIG for Red Hat Enterprise
Linux" profile targeting servers to three separate profiles for Server,
Server with GUI, and Workstation. I just used the EL7 STIG Workstation
profile this week with the SSG in the EL7 repos. It's extremely useful to
me since all of our machines are used as workstations, not servers, so to
have a profile that works out of the box without needing to do excessive
customization, and in turn, justification of said customizations is very
handy.
So imagine my surprise and dismay when I used the most recent release from
the Copr repo and discovered that my convenient separate profiles were now
all gone to align with the recently released singular DISA server profile.
Are there any plans with the various contributors involved (RH, DoD,
others, etc.) to re-work the server STIG profile again to have a separate
upstream-supported STIG profile for Workstation usage? Having it in
previous releases has proven to be an extremely useful feature and I would
hate to see it regress back to "Linux is just for servers".
----------
Chuck Atkins
Staff R&D Engineer, Scientific Computing
Kitware, Inc.