-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Tom H Sent: Wednesday, February 01, 2012 14:54 To: CentOS mailing list Subject: [CentOS] Configuration Compliance auditing for many CentOS
5.x
boxes
Hi CentOS experts,*
Short Version*
I would like to produce a weekly report in HTML for each CentOS 5.x server we have indicating configuration compliance with some industry benchmark. I am looking for a tool or tools to implement this, I am happy to use 3rd party proprietary stuff if necessary.
Current progress is...
I see that OPENSCAP and OVAL have tools in CentOS-base or EPEL, such
as
OpenSCAP-utils ovaldi - oval reference interpreterWhich can be used to create reports. However they seem a little unrefined.
For SCAP and OVAL content I have found the following.
- NIST provide SCAP content for RHEL desktop, which is kinda close;
- http://usgcb.nist.gov/usgcb/rhel_content.html
- There is a tool called sectool in the fedora repos, but I can't get
it to run on CentOS due to a missing python-slip module.
Any suggestions on functioning stacks for this problem would be helpful.
Sorry about no suggestions, but seeing where you are I have a question back at you: The http://usgcb.nist.gov/usgcb/rhel_content.html seemed to me to be a newer schema than the openscap in RH/CentOS 5, did you find a way to run it on 5?
And I sort of assume you have seen http://www.redhat.com/security/data/oval/?C=M;O=D for the RHEL boxes...
Thanks for any pointers.