SecState Evaluation
by Rodrian, Logan P (IS)
Hello-
Along with the recent release of CLIP, I have begun using SecState to perform auditing and remediation for my system. In performing these tasks and viewing the reports, I found that there were multiple issues with both the checks and the fixes being performed incorrectly, along with some inconsistencies with the description versus the performed check/fix.
>From the common profile, which is what I am running, I found the following:
Check Incorrect (Pre Remediation) 15
Remediation Fix Broken 1
Check Incorrect (Post Remediation) 15+19 (34)
I have compiled a spreadsheet documenting my findings.
1) What/who should the findings be submitted to? What format?
2) When is the planned release or any fixes?
Logan Rodrian
11 years, 4 months
SecState 0.6.0 Release
by Francisco Slavin
All,
Tresys is pleased to announce the release of the SecState 0.6.0. This latest version of SecState is targeted at and tested on RHEL 6.2. This release includes the following features:
- BASH Remediation support [1]. We have moved to BASH script-based remediation in response to feedback from the remediation content community.
- Included in CLIP for RHEL 6.2 [2].
- Updated OpenSCAP [3]. SecState currently leverages OpenSCAP 0.9.1. We had to rely on a newer version than the base OpenSCAP available on RHEL 6.2 for bugfixes to the library.
- Tested with SCAP Security Guide (SSG) audit content [4]. The Tresys CLIP team currently uses SecState to consume SCAP Security Guide content for all automated system auditing.
- Tested with Aqueduct remediation content [5]. The Tresys CLIP team currently contributes BASH remediation content to the Aqueduct project and uses SecState to consume that content.
RPMs and a tarball are available on the download page: https://fedorahosted.org/secstate/wiki/Download#DownloadingSecstate
The mailing lists are now back up and operational as well.
Thank you
- Francisco
[1] https://fedorahosted.org/secstate/wiki/RemediationContentHowTo
[2] http://oss.tresys.com/projects/clip
[3] http://open-scap.org/page/Main_Page
[4] https://fedorahosted.org/scap-security-guide/
[5] https://fedorahosted.org/aqueduct/
-----
Francisco Slavin
Junior Systems Engineer
Tresys Technology
8840 Stanford Boulevard, Suite 2100
Columbia, MD 21045
Phone: +1 410-290-1411 x144
FAX: +1 410 953-0494
11 years, 4 months