[ale] Security Template (STIG) Scripts for RHEL on github

Jim Kinney jim.kinney at gmail.com
Thu Jan 8 14:26:58 EST 2015 

On Thu, 2015-01-08 at 14:10 -0500, Jerald Sheets wrote:
> Puppet would do that job more completely, I’d think, and would then maintain your site to that level of STIG compliance, and then provide audit trail when things change and Puppet puts it back.
> 
> I just did a site in Sacramento that manages the power grid for the state.  They needed this level of provisioning, security hardening, auditing, and reporting and Puppet + RHEL6 + IT automation ability, and Puppet fit the bill.
> 
> There’s also Raytheon’s “Security Blanket” that does a lot of this too.

Raytheon also sells a product to use for clean up after a security
breach. It's called "Dirty Diaper". It doesn't actually "clean"
anything. But it makes the situation so bad that the best course of
action is buy new hardware.

> 
> —jms
> 
> 
> > On Jan 8, 2015, at 9:28 AM, Raj Wurttemberg <rajaw at c64.us> wrote:
> > 
> > Can Ansible do simple checks on files?
> > 
> > Examples:
> > - Check settings inside sshd_config
> > - Check settings inside PAM files
> > - Make sure certain NICs have a specific MTU
> > 
> > I looked at Ansible briefly, but I thought it was more for deploying
> > settings and packages.  I'm looking to just QA servers.
> > 
> > Kind regards,
> > Raj
> > 
> > 
> >> -----Original Message-----
> >> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of JD
> >> Sent: Thursday, January 08, 2015 5:41 AM
> >> To: Atlanta Linux Enthusiasts
> >> Subject: Re: [ale] Security Template (STIG) Scripts for RHEL on github
> >> 
> >> Ansible? Takes about 20 minutes to get started.
> >> 
> >> On 01/07/2015 09:54 PM, Raj Wurttemberg wrote:
> >>> Very interesting George!
> >>> 
> >>> We have a client with a rapidly growing RHEL infrastructure (13
> >>> servers in June, 180 now!) and they give us build sheets. We also have
> >>> to secure and configure servers according to their STIG.... which,
> >>> I'll be honest, is very time consuming and tedious to QA.
> >>> 
> > 
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-- 
Jim Kinney
Senior System Administrator
36 Eagle Row Suite 588
Department of Biomedical Informatics
Emory University School of Medicine
jkinney at emory.edu
404-712-0300

More information about the Ale mailing list