I'm trying to understand all the pieces of SSG and how it relates to the content on the National Checklist Program Repository, specifically for Redhat 6.
In RHEL6, I did a yum install scap-security-guide to get the SSG from the Redhat repos. I took a look at file:///usr/share/doc/scap-security-guide-0.1.21/rhel6-guide.html and I can see all the settings, but does this include everything that is in the SCAP content found on the NIST National Checklist Program Repository?
Are there any kickstarts available to help configure systems? Just confused on how this all fits together.
Hello Joe,
apologize for a late reply.
----- Original Message -----
From: joescap@mm.st To: scap-security-guide@lists.fedorahosted.org Sent: Thursday, January 7, 2016 12:48:55 AM Subject: Understanding the Pieces
I'm trying to understand all the pieces of SSG and how it relates to the content on the National Checklist Program Repository, specifically for Redhat 6.
If under "official" NCPR content for Red Hat Enterprise Linux 6 you mean the Red Hat 6 STIG Version 1, Release 9: [1] https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=438
then the answer is yes, this content is being derived from the latest content for RHEL/6 product, as being available in SSG.
If under "official" content for RHEL-6 system you have meant also this benchmark: [2] https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=491
I can't comment on that (don't have the information) which content is this benchmark being based on (you would need to check with Oracle Linux 6 product vendor).
In RHEL6, I did a yum install scap-security-guide to get the SSG from the Redhat repos. I took a look at file:///usr/share/doc/scap-security-guide-0.1.21/rhel6-guide.html and I can see all the settings, but does this include everything that is in the SCAP content found on the NIST National Checklist Program Repository?
Yes (in the sense content in [1] is being gradually derived from the latest code for RHEL/6 product as being available in SCAP Security Guide repository).
Are there any kickstarts available to help configure systems?
Yes. Check out the content of the 'kickstart' directory, included within scap-security-guide RPM:
* Case a) -- this is the content of that directory with # rpm -q scap-security-guide scap-security-guide-0.1.21-3.el6.noarch
# rpm -ql scap-security-guide | grep kickstart /usr/share/scap-security-guide/kickstart /usr/share/scap-security-guide/kickstart/ssg-rhel6-usgcb-server-with-gui-ks.cfg
* Case b) -- this is the current content of that directory as present in SSG 'master':
[3] https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/kickstart
the 'ssg-rhel6-stig-ks.cfg' corresponds to the content of [1] benchmark.
Just confused on how this all fits together.
Hope this helps.
Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/scap-security-guide@lists.fedorah... https://github.com/OpenSCAP/scap-security-guide/
scap-security-guide@lists.fedorahosted.org
-
Jan Lieskovsky -
joescap@mm.st