[Clip] DISA STIG SRR Scripts
lippold at gmail.com
Wed Sep 9 14:07:08 CDT 2009
For most of these changes, I am - lazily not done yet with all the
traveling I have been doing - going to make a 'DOD Branch' of the CLIP
puppet on the 'DoD Bastille' and 'DoD Puppet' projects on
I think the changes are pretty small so if anyone has already gone
through this, I'd love to work with you and would be happy to give you
a nice place to put the work.
On Tue, Sep 8, 2009 at 1:25 PM, Bryan Schneiders <bschneiders at woti.com> wrote:
> How often are the CLIP releases tested against the DISA STIG System Readiness Review scripts?
> Using the subversion code from as recently as Friday, I'm trying to get a 5.3 system to pass. In addition to very many "manual review required" items, the SRR script is failing on even more basic checks like GEN000580 for PASS_MIN_LEN and GEN005600 for IP Forwarding in /etc/sysctl.conf.
> I see there is already a puppet module for at least GEN005600 but instead of correcting 3 of the settings it has sed commands for, it appears to remove those lines from the sysctl.conf file altogether.
> I'm just trying to determine how ready the CLIP 3.* releases are for use at this point and how you test the releases.
> Has anyone else had a RHEL 5.3 system based on CLIP pass DISA STIG?
> Bryan Schneiders
> bschneiders at woti.com
> 301-562-1900 ext 305
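
The quoted message reports that the GEN005600 puppet module removes lines from sysctl.conf instead of correcting them. As an added example (not part of this thread and not CLIP's puppet code), the shell functions below set a key in place and read back its effective value; the helper names and the sample file are constructed, and `net.ipv4.ip_forward = 0` is assumed as the wanted value for the IP forwarding check.

```shell
#!/bin/sh
# ensure_sysctl_key FILE KEY VALUE (hypothetical helper, not from CLIP)
# Rewrite the first active KEY line to "KEY = VALUE", drop later duplicates,
# append the setting if KEY is absent. Comments and other keys are kept.
ensure_sysctl_key() {
    file=$1
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v value="$3" '
        /^[ \t]*[#;]/ { print; next }         # comment lines stay as they are
        {
            n = index($0, "=")
            k = (n > 0) ? substr($0, 1, n - 1) : ""
            gsub(/[ \t]/, "", k)
            if (k == key) {                   # active line for our key
                if (!seen) print key " = " value
                seen = 1
                next                          # later duplicates are dropped
            }
            print
        }
        END { if (!seen) print key " = " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file" # cat keeps owner, mode, SELinux label
    rc=$?
    rm -f "$tmp"
    return $rc
}

# sysctl_key_value FILE KEY: print the last active value of KEY (empty if unset).
sysctl_key_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) last = v
        }
        END { print last }
    ' "$1"
}

# demo: run against a constructed sysctl.conf and print the rewritten file.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 1' \
        'kernel.sysrq = 0' 'net.ipv4.ip_forward=1' > "$f"
    ensure_sysctl_key "$f" net.ipv4.ip_forward 0 && cat "$f"
    rm -f "$f"
}
```

Running `ensure_sysctl_key` a second time leaves the file unchanged, so it is safe to apply on every configuration run.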