similar to: puppet + openscap / hardening

Hi - I?m running the OpenSCAP STIG profile on a new CentOS 7.1611 installation, and I get a few failures that look like this (output from openscap scan ?verbosity INFO). I suspect this is because the openscap module is not accepting CentOS 7 as RHEL 7 for rules purposes, despite an early check for "Community Enterprise Operating System 7? which succeeds. 1. Am I correct in why it?s

Hello, I have noticed that pci-dss profile, ssg-centos7-xccdf.xml will always fail on test and remediation for disable_prelink rule. That seem to be caused by insufficient CentOS RPM customization of upstream code. Specifically this: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml#L24-L35

On 02/01/2017 10:15 AM, Micha? Jankowski wrote: > Hello, > > I have noticed that pci-dss profile, ssg-centos7-xccdf.xml will always fail > on test and remediation for disable_prelink rule. That seem to be caused by > insufficient CentOS RPM customization of upstream code. Specifically this: >

CentOS Errata and Bugfix Advisory 2014:1141 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1141.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: b952c73cee7845e66dbb71a4614880421e7cb68268fe8390dafc45de1a338dca openscap-1.0.8-1.0.1.el6.centos.1.i686.rpm

CentOS Errata and Bugfix Advisory 2014:0444 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-0444.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 61865fc3e66d3d869857420958340b09b48b5fe0d31954eec1228ed1f5121594 openscap-1.0.8-1.el5_10.i386.rpm

CentOS Errata and Bugfix Advisory 2018:1405 Upstream details at : https://access.redhat.com/errata/RHBA-2018:1405 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 734b6a1712a4f32a906dc6551d6a7882a59ea0e187f4b208160f1356ed902063 openscap-1.2.16-8.el7_5.i686.rpm

CentOS Errata and Enhancement Advisory 2016:1297 Upstream details at : https://rhn.redhat.com/errata/RHEA-2016-1297.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: bf89f79e636edeae4003caaf022637f66ddea11c2c88ad1d0c22291913ffb718 openscap-1.2.9-5.el7_2.i686.rpm

CentOS Errata and Bugfix Advisory 2017:0380 Upstream details at : https://rhn.redhat.com/errata/RHBA-2017-0380.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: b928aac061ce5555f242f39313ac48cc6635dd3b3349273668a4a4462add5945 openscap-1.2.10-3.el7_3.i686.rpm

CentOS Errata and Bugfix Advisory 2018:0420 Upstream details at : https://access.redhat.com/errata/RHBA-2018:0420 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: c80ff31cb9e1b1dc148d3bfac83393a3258741519d0479a2719002eab4cc5f50 openscap-1.2.14-3.el7_4.i686.rpm

CentOS Errata and Bugfix Advisory 2020:5017 Upstream details at : https://access.redhat.com/errata/RHBA-2020:5017 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 3c7d9ec4c463c38a9d3686c4e9875cf85afff5fd74177c8297ef1f1ad2a337c0 openscap-1.2.17-13.el7_9.x86_64.rpm

CentOS Errata and Enhancement Advisory 2011:1004 Upstream details at : https://rhn.redhat.com/errata/RHEA-2011-1004.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) i386: 539b05daecdb5ee7bfbcdc3d5f18bcd3 openscap-0.7.2-1.el5.i386.rpm a448b8d1fca9100bc11b397b528a7ef3 openscap-devel-0.7.2-1.el5.i386.rpm

CentOS Errata and Enhancement Advisory 2011:1004 Upstream details at : https://rhn.redhat.com/errata/RHEA-2011-1004.html The following updated files have been uploaded and are currently syncing to the mirrors: ( md5sum Filename ) x86_64: 76996ebbc272c2dcac8054561d2cea7f openscap-0.7.2-1.el5.x86_64.rpm afe053b4db31febf31dcad1ee26c48a5 openscap-devel-0.7.2-1.el5.x86_64.rpm

Hi CentOS experts,* Short Version* I would like to produce a weekly report in HTML for each CentOS 5.x server we have indicating configuration compliance with some industry benchmark. I am looking for a tool or tools to implement this, I am happy to use 3rd party proprietary stuff if necessary. * Long(er) Version* Current Situation.. I have a client with many (200x) CentOS 5.x servers

https://bugzilla.mindrot.org/show_bug.cgi?id=1278 Jakub Jelen <jjelen at redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|WONTFIX |--- Status|CLOSED |REOPENED CC| |jjelen

I think, this SIG would/should care about hardening CentOS itself as a system not a complete environment (proxies, firewalls, etc.) The examples of the opener show this. Something else could be integrity checking possibly. I imagine a tool/script that could apply hardening stuff. Regards Tim Am 22. April 2015 09:23:52 MESZ, schrieb Eero Volotinen <eero.volotinen at iki.fi>: >Sounds

Sounds like a bit basic stuff? How about hardening ciphers, two factor authentication, snort, web application firewall and scap scanning? Eero 22.4.2015 10.14 ap. "Andrew Holway" <andrew.holway at gmail.com> kirjoitti: > SELinux? > > On 22 April 2015 at 09:11, John R Pierce <pierce at hogranch.com> wrote: > > > On 4/21/2015 11:34 PM, Eero Volotinen wrote:

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

I am attempting to setup an IPSec protected GRE tunnel with a Cisco router. I believe the IPSec association is up, however I cannot move traffic over the tunnel. It is not clear how to integrate the tunnel interface (gre1) with firewall-cmd; adding the interface to trusted does not appear to 'stick'. [root at aqueduct ~]# firewall-cmd --add-interface=gre1 --zone=trusted The interface

Hello lovelies, Our team is deliberating a few different options for the hierification of our modules; and wanted to poll the collective genius before making our decision. As we all know, there are certain attributes of a package which are, by default, consistent on an OS... say, the name of a package..... class foobar { include foobar::params $package = $foobar::params::package Package

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When