My personal project goal is to work on scripts and Puppet content to meet STIG requirements. I'm not really talented enough to putz around with the kernel stuff but don't object if others do.
Leam
On 29 April 2015 at 09:17, leam hall leamhall@gmail.com wrote:
My personal project goal is to work on scripts and Puppet content to meet STIG requirements. I'm not really talented enough to putz around with the kernel stuff but don't object if others do.
What kind of scripts are you looking for and need? There are several out there for STIG requirements so I was wondering if they could be used.
Leam
-- Mind on a Mission http://leamhall.blogspot.com/
CentOS-devel mailing list CentOS-devel@centos.org http://lists.centos.org/mailman/listinfo/centos-devel
On Wed, Apr 29, 2015 at 11:28 AM, Stephen John Smoogen smooge@gmail.com wrote:
On 29 April 2015 at 09:17, leam hall leamhall@gmail.com wrote:
My personal project goal is to work on scripts and Puppet content to meet STIG requirements. I'm not really talented enough to putz around with the kernel stuff but don't object if others do.
What kind of scripts are you looking for and need? There are several out there for STIG requirements so I was wondering if they could be used.
I've used Aqueduct, and wrote some of them. Working on implementing a newer project and focusing on Puppet code as that's what I need to learn most. Still getting a handle on what all is out there.
Leam
On 04/29/2015 10:49 AM, leam hall wrote:
On Wed, Apr 29, 2015 at 11:28 AM, Stephen John Smoogen smooge@gmail.com wrote:
On 29 April 2015 at 09:17, leam hall leamhall@gmail.com wrote:
My personal project goal is to work on scripts and Puppet content to meet STIG requirements. I'm not really talented enough to putz around with the kernel stuff but don't object if others do.
What kind of scripts are you looking for and need? There are several out there for STIG requirements so I was wondering if they could be used.
I've used Aqueduct, and wrote some of them. Working on implementing a newer project and focusing on Puppet code as that's what I need to learn most. Still getting a handle on what all is out there.
It might be easier to look at the tooling mentioned here https://access.redhat.com/comment/913583#comment-913583 (thanks Akemi for pointing it out) and assessing the level of effort needed to make that work for CentOS.
Red Hat seems to not be putting a lot of work into RHEL 5 STIG compliance. That's been one of my motivators.
On Wed, Apr 29, 2015 at 2:01 PM, Jim Perrin jperrin@centos.org wrote:
On 04/29/2015 10:49 AM, leam hall wrote:
On Wed, Apr 29, 2015 at 11:28 AM, Stephen John Smoogen smooge@gmail.com wrote:
On 29 April 2015 at 09:17, leam hall leamhall@gmail.com wrote:
My personal project goal is to work on scripts and Puppet content to meet STIG requirements. I'm not really talented enough to putz around with the kernel stuff but don't object if others do.
What kind of scripts are you looking for and need? There are several out there for STIG requirements so I was wondering if they could be used.
I've used Aqueduct, and wrote some of them. Working on implementing a newer project and focusing on Puppet code as that's what I need to learn most. Still getting a handle on what all is out there.
It might be easier to look at the tooling mentioned here https://access.redhat.com/comment/913583#comment-913583 (thanks Akemi for pointing it out) and assessing the level of effort needed to make that work for CentOS.
-- Jim Perrin The CentOS Project | http://www.centos.org twitter: @BitIntegrity | GPG Key: FA09AD77
On 04/29/2015 01:28 PM, leam hall wrote:
Red Hat seems to not be putting a lot of work into RHEL 5 STIG compliance. That's been one of my motivators.
EL5 dies in a year and a half or so, and has several outstanding (minor to medium) CVEs presently. I'm absolutely fine with ignoring it until it goes away as well.
There are a lot of RHEL 5 boxes in production. Any solution that doesn't take it into account isn't a solution for me.
On Wed, Apr 29, 2015 at 3:05 PM, Jim Perrin jperrin@centos.org wrote:
On 04/29/2015 01:28 PM, leam hall wrote:
Red Hat seems to not be putting a lot of work into RHEL 5 STIG compliance. That's been one of my motivators.
EL5 dies in a year and a half or so, and has several outstanding (minor to medium) CVEs presently. I'm absolutely fine with ignoring it until it goes away as well.
On Wed, Apr 29, 2015 at 03:06:35PM -0400, leam hall wrote:
There are a lot of RHEL 5 boxes in production. Any solution that doesn't take it into account isn't a solution for me.
RHEL5 _extended_ life cycle support goes into 2020.
On 04/29/2015 02:06 PM, leam hall wrote:
There are a lot of RHEL 5 boxes in production. Any solution that doesn't take it into account isn't a solution for me.
Oh I know there are tons of el5 boxen. From the project side we'll continue to provide for them. From a personal side, I'm just not interested in el5 anymore.
On Wed, Apr 29, 2015 at 3:40 PM, Jim Perrin jperrin@centos.org wrote:
On 04/29/2015 02:06 PM, leam hall wrote:
There are a lot of RHEL 5 boxes in production. Any solution that doesn't take it into account isn't a solution for me.
Oh I know there are tons of el5 boxen. From the project side we'll continue to provide for them. From a personal side, I'm just not interested in el5 anymore.
Understood. I'm not against RHEL 7 stuff but don't use it personally. ;)
The part that grates on me most is that RH isn't hyped about supporting RHEL 5 much. There are large, paying, installs that could use SCAP, but can't. Thus their SCAP tool is kinda wimpy.