> -----Original Message----- > From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On > Behalf Of Tom H > Sent: Wednesday, February 01, 2012 14:54 > To: CentOS mailing list > Subject: [CentOS] Configuration Compliance auditing for many CentOS 5.x > boxes > > Hi CentOS experts,* > > Short Version* > > I would like to produce a weekly report in HTML for each CentOS 5.x > server we have indicating configuration compliance with some industry > benchmark. I am looking for a tool or tools to implement this, I am > happy to use 3rd party proprietary stuff if necessary. > Current progress is... > > I see that OPENSCAP and OVAL have tools in CentOS-base or EPEL, such as > > OpenSCAP-utils > ovaldi - oval reference interpreter > > Which can be used to create reports. However they seem a little > unrefined. > > For SCAP and OVAL content I have found the following. > > 1. NIST provide SCAP content for RHEL desktop, which is kinda close; > 2. http://usgcb.nist.gov/usgcb/rhel_content.html > 3. There is a tool called sectool in the fedora repos, but I can't get > it to run on CentOS due to a missing python-slip module. > > Any suggestions on functioning stacks for this problem would be > helpful. Sorry about no suggestions, but seeing where you are I have a question back at you: The http://usgcb.nist.gov/usgcb/rhel_content.html seemed to me to be a newer schema than the openscap in RH/CentOS 5, did you find a way to run it on 5? And I sort of assume you have seen http://www.redhat.com/security/data/oval/?C=M;O=D for the RHEL boxes... Thanks for any pointers.