hardening-script-el6 icon indicating copy to clipboard operation
hardening-script-el6 copied to clipboard

Published 20 hours ago verified publisher icon fcaviggia

Question: AWS scripts anytime soon?

Open jwalker0129 opened this issue 9 years ago • 4 comments

I just got on AWS and was wondering if the AWS scripts will be done soon or if it would probably be faster to just manually STIG my instances. Thanks!

jwalker0129 avatar Aug 20 '15 14:08 jwalker0129

I have some scripts internally, I'll work on getting them up here - until then patches are welcome.

fcaviggia avatar Aug 21 '15 11:08 fcaviggia

Thanks. I'm actually just a Network Admin flailing in the dark here, but if I manage to do something useful then I will share it.

jwalker0129 avatar Aug 21 '15 12:08 jwalker0129

On 8/21/15 8:10 AM, jwalker0129 wrote:

Thanks. I'm actually just a Network Admin flailing in the dark here, but if I manage to do something useful then I will share it.

Note this project does not actually harden to DoD STIG requirements. Think of it as "stig++" in that it may loosely align in some areas, but the settings and configurations are not reviewed by Red Hat, DISA FSO, or NSA, and they're known to go far beyond what is required by policy.

If you're looking for Red Hat supported and recommended methods to STIG a RHEL machine, the official upstream is the OpenSCAP Security Guide project: https://github.com/OpenSCAP/scap-security-guide

This is shipping natively in RHEL as the "scap-security-guide" RPM.

shawndwells avatar Aug 21 '15 21:08 shawndwells

Thanks Shawn. I was not aware of OpenSCAP.

jwalker0129 avatar Aug 28 '15 17:08 jwalker0129