[ale] Security Template (STIG) Scripts for RHEL on github

Jerald Sheets questy at gmail.com
Thu Jan 8 14:10:54 EST 2015


Puppet would do that job more completely, I’d think, and would then maintain your site to that level of STIG compliance, and then provide an audit trail when things change and Puppet puts it back.

I just did a site in Sacramento that manages the power grid for the state.  They needed this level of provisioning, security hardening, auditing, and reporting and Puppet + RHEL6 + IT automation ability, and Puppet fit the bill.

There’s also Raytheon’s “Security Blanket” that does a lot of this too.

—jms


> On Jan 8, 2015, at 9:28 AM, Raj Wurttemberg <rajaw at c64.us> wrote:
> 
> Can Ansible do simple checks on files?
> 
> Examples:
> - Check settings inside sshd_config
> - Check settings inside PAM files
> - Make sure certain NICs have a specific MTU
> 
> I looked at Ansible briefly, but I thought it was more for deploying
> settings and packages.  I'm looking to just QA servers.
> 
> Kind regards,
> Raj
> 
> 
>> -----Original Message-----
>> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of JD
>> Sent: Thursday, January 08, 2015 5:41 AM
>> To: Atlanta Linux Enthusiasts
>> Subject: Re: [ale] Security Template (STIG) Scripts for RHEL on github
>> 
>> Ansible? Takes about 20 minutes to get started.
>> 
>> On 01/07/2015 09:54 PM, Raj Wurttemberg wrote:
>>> Very interesting George!
>>> 
>>> We have a client with a rapidly growing RHEL infrastructure (13
>>> servers in June, 180 now!) and they give us build sheets. We also have
>>> to secure and configure servers according to their STIG.... which,
>>> I'll be honest, is very time consuming and tedious to QA.
>>> 
