From 4628f408e855c38b1715d9c22ea966f13904751d Mon Sep 17 00:00:00 2001 From: trimstray Date: Wed, 20 Feb 2019 11:14:21 +0100 Subject: [PATCH] updated 'Policy Compliance'; minor fixes - signed-off-by: trimstray --- README.md | 26 ++++++++++++++++--- lib/post_install_tasks/keep_system_updated.md | 5 ++-- 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3f8b8ac..22af769 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,9 @@ - **[Policy Compliance](#policy-compliance)** * [Center of Internet Security (CIS)](#center-of-internet-security-cis) * [Security Technical Implementation Guide (STIG)](#security-technical-implementation-guide-stig) - * [Security Content Automation Protocol (SCAP)](#security-content-automation-protocol-scap) + * [National Institute of Standards and Technology (NIST)](#national-institute-of-standards-and-technology-nist) +- **[Security Content Automation Protocol (SCAP)](#security-content-automation-protocol-scap)** + * [SCAP Security Guide](#scap-security-guide) - **[DevSec Hardening Framework](#devsec-hardening-framework)** - **[Contributing](#contributing)** - **[External resources](#external-resources)** 
@@ -265,11 +267,29 @@ A Security Technical Implementation Guide (STIG) is a cybersecurity methodology Please see **[Stigviewer](https://www.stigviewer.com/stigs)** for explore all stigs. -### Security Content Automation Protocol (SCAP) +### National Institute of Standards and Technology (NIST) + +A National Institute of Standards and Technology (NIST) is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. + +Please see **[National Checklist Program (NCP)](https://nvd.nist.gov/ncp/repository)**. + +## Security Content Automation Protocol (SCAP) Security Content Automation Protocol (SCAP) provides a mechanism to check configurations, vulnerability management and evaluate policy compliance for a variety of systems. -One of the most popular implementations of SCAP is **[OpenSCAP](https://www.open-scap.org/security-policies/)** and it is very helpful for vulnerability assessment and also as hardening helper. +One of the most popular implementations of SCAP is OpenSCAP and it is very helpful for vulnerability assessment and also as hardening helper. + +Please see **[SCAP Security Policies](https://www.open-scap.org/security-policies/)** and **[OpenSCAP User Manual](https://static.open-scap.org/openscap-1.2/oscap_user_manual.html)**. + +### SCAP Security Guide + +The auditing system settings with SCAP Security Guide project contains guidance for settings of Red Hat Enterprise Linux 7/CentOS Linux and it's validated by NIST. + +You should inspect the security content of your system with `oscap info` module: + +```bash +oscap info /usr/share/xml/scap/ssg/rhel7/ssg-rhel7-ds.xml +``` ## DevSec Hardening Framework diff --git a/lib/post_install_tasks/keep_system_updated.md b/lib/post_install_tasks/keep_system_updated.md index e0ceb58..9a5ad64 100644 --- a/lib/post_install_tasks/keep_system_updated.md +++ b/lib/post_install_tasks/keep_system_updated.md 
@@ -41,11 +41,12 @@ apt-get upgrade && apt-get dist-upgrade ###### Policies | Policy | ID/Description | Severity | -| :--- | :--- | | -| STIG | [V-71999](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2017-12-14/finding/V-71999) | Severity: Medium | +| :--- | :--- | :--- | +| STIG | [V-71999](https://www.stigviewer.com/stig/red_hat_enterprise_linux_7/2017-12-14/finding/V-71999) | Medium | | CIS | 1.2, 1.8 | | | OpenSCAP | CCI-002605, CCI-002607 | CAT II | + #### :ballot_box_with_check: Summary checklist | Item | True | False |
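Review bot: In the README table-of-contents hunk, SCAP is promoted from a subsection of "Policy Compliance" to a top-level section while NIST takes its old slot, yet SCAP is the automation mechanism for exactly the CIS/STIG/NIST content listed above it, so the split reads as arbitrary. Either keep SCAP as a subsection next to NIST, or add one sentence in the body explaining why it stands on its own. The new anchors (`#national-institute-of-standards-and-technology-nist`, `#scap-security-guide`) do match the headings added in the second hunk, so no link breakage there.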
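Review bot: In the README body hunk, the `oscap info /usr/share/xml/scap/ssg/rhel7/ssg-rhel7-ds.xml` example presupposes that the `openscap-scanner` and `scap-security-guide` packages are installed and that the reader is on RHEL 7/CentOS 7 (the data-stream path is release specific), but the text states neither; add the prerequisite and note that `oscap info` only lists the profiles and checks contained in the data stream, the actual evaluation against a profile is a separate `oscap xccdf eval` step. Two wording problems in the added prose: "A National Institute of Standards and Technology (NIST) is a physical sciences laboratory" should read "The National Institute of Standards and Technology (NIST) is a physical sciences laboratory", and "The auditing system settings with SCAP Security Guide project contains guidance for settings of Red Hat Enterprise Linux 7/CentOS Linux and it's validated by NIST" is clearer as "The SCAP Security Guide (SSG) project provides hardening and audit content for Red Hat Enterprise Linux 7/CentOS 7; its content is validated by NIST." The untouched context line "for explore all stigs" in the same region could also be fixed to "to explore all STIGs" while this file is being edited.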
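Review bot: In the `keep_system_updated.md` hunk, the separator row fix (`| :--- | :--- | :--- |`) and dropping the redundant "Severity:" prefix are correct, but the CIS row still carries an empty Severity cell (`| CIS | 1.2, 1.8 | |`) while the STIG and OpenSCAP rows are filled in, so the column remains inconsistent; fill it or mark it "n/a". Two smaller points on the visible rows: the STIG link is pinned to the 2017-12-14 benchmark release, so it will silently go stale as new releases appear, and the "OpenSCAP" row lists CCI identifiers with a "CAT II" rating, which are DISA control-correlation and severity values rather than anything OpenSCAP-specific; label that row by the source benchmark instead.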