[CentOS] Configuration Compliance auditing for many CentOS 5.x boxes

Mon Feb 6 18:04:29 UTC 2012
Denniston, Todd A CIV NAVSURFWARCENDIV Crane <todd.denniston at navy.mil>

> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Tom H
> Sent: Wednesday, February 01, 2012 14:54
> To: CentOS mailing list
> Subject: [CentOS] Configuration Compliance auditing for many CentOS 5.x
> boxes
> 
> Hi CentOS experts,
> 
> Short Version
> 
> I would like to produce a weekly report in HTML for each CentOS 5.x
> server we have indicating configuration compliance with some industry
> benchmark. I am looking for a tool or tools to implement this, I am
> happy to use 3rd party proprietary stuff if necessary.


> Current progress is...
> 
> I see that OPENSCAP and OVAL have tools in CentOS-base or EPEL, such as
> 
>      OpenSCAP-utils
>      ovaldi - oval reference interpreter
> 
> Which can be used to create reports. However they seem a little
> unrefined.
> 
> For SCAP and OVAL content I have found the following.
> 
> 1. NIST provide SCAP content for RHEL desktop, which is kinda close;
> 2. http://usgcb.nist.gov/usgcb/rhel_content.html
> 3. There is a tool called sectool in the fedora repos, but I can't get
> it to run on CentOS due to a missing python-slip module.
> 
> Any suggestions on functioning stacks for this problem would be
> helpful.

Sorry about no suggestions, but seeing where you are I have a question
back at you:
The http://usgcb.nist.gov/usgcb/rhel_content.html seemed to me to be a
newer schema than the openscap in RH/CentOS 5, did you find a way to run
it on 5?

And I sort of assume you have seen 
http://www.redhat.com/security/data/oval/?C=M;O=D
for the RHEL boxes...

Thanks for any pointers.