Tag: stig

How to adapt the scap-security-guide for DISA CIS for CentOS8 Linux

The scap-security-guide changes in format with each new guide.  CentOS 8 is not fully represented within the guide.  The XMLs provided differ in context, so the RHEL XML must be used to generate the report but requires a small patch to do so. The CUI Profile The ssg-rhel8-ds-1.2.xml contains the profile cui, while the one for ssg-centos8-ds-1.2.xml does not. [root@admin...Read More »

Create an Ansible script for DISA STIG and execute it in CentOS 7

Securing a CentOS 7 install doesn't have to be tough.  Code already exists, we just have to find it and execute it. Prerequisites yum install openscap scap-security-guide -y Verification The version of the scap-security-guide that was tested is 0.1.40. scap-security-guide.noarch 0.1.40-13.el7.centos @updates Test The purpose of this test is to determine if the scap-security-guide supports DISA STIG. oscap info /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml...Read More »