[CentOS] Configuration Compliance auditing for many CentOS 5.x boxes
Denniston, Todd A CIV NAVSURFWARCENDIV Crane
todd.denniston at navy.mil
Mon Feb 6 18:04:29 UTC 2012
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Tom H
> Sent: Wednesday, February 01, 2012 14:54
> To: CentOS mailing list
> Subject: [CentOS] Configuration Compliance auditing for many CentOS
5.x
> boxes
>
> Hi CentOS experts,*
>
> Short Version*
>
> I would like to produce a weekly report in HTML for each CentOS 5.x
> server we have indicating configuration compliance with some industry
> benchmark. I am looking for a tool or tools to implement this, I am
> happy to use 3rd party proprietary stuff if necessary.
> Current progress is...
>
> I see that OPENSCAP and OVAL have tools in CentOS-base or EPEL, such
as
>
> OpenSCAP-utils
> ovaldi - oval reference interpreter
>
> Which can be used to create reports. However they seem a little
> unrefined.
>
> For SCAP and OVAL content I have found the following.
>
> 1. NIST provide SCAP content for RHEL desktop, which is kinda close;
> 2. http://usgcb.nist.gov/usgcb/rhel_content.html
> 3. There is a tool called sectool in the fedora repos, but I can't get
> it to run on CentOS due to a missing python-slip module.
>
> Any suggestions on functioning stacks for this problem would be
> helpful.
Sorry about no suggestions, but seeing where you are I have a question
back at you:
The http://usgcb.nist.gov/usgcb/rhel_content.html seemed to me to be a
newer schema than the openscap in RH/CentOS 5, did you find a way to run
it on 5?
And I sort of assume you have seen
http://www.redhat.com/security/data/oval/?C=M;O=D
for the RHEL boxes...
Thanks for any pointers.
More information about the CentOS
mailing list