Tag: stig

How to adapt the scap-security-guide for DISA CIS for CentOS8 Linux

The scap-security-guide changes in format with each new guide.  CentOS 8 is not fully represented within the guide.  The XMLs provided differ in context, so the RHEL XML must be used to generate the report but requires a small patch to do so. The CUI Profile The ssg-rhel8-ds-1.2.xml contains the profile cui, while the one for ssg-centos8-ds-1.2.xml does not. [root@admin…

Read More »

Create an Ansible script for DISA STIG and execute it in CentOS 7

Securing a CentOS 7 install doesn’t have to be tough.  Code already exists, we just have to find it and execute it. Prerequisites yum install openscap scap-security-guide -y Verification The version of the scap-security-guide that was tested is 0.1.40. Version 0.1.43 has removed the DISA STIG from the CentOS guide ssg-centos7-ds.xml; however, there is a work-a-round. Article coming soon. scap-security-guide.noarch…

Read More »