[Clip] DISA STIG SRR Scripts
Aaron Lippold
lippold at gmail.com
Wed Sep 9 14:07:08 CDT 2009
Hi,
For most of these changes, I am - lazily not done yet with all the
traveling I have been doing - going to make a 'DOD Branch' of the CLIP
puppet on the 'DoD Bastille' and 'DoD Puppet' projects on
https://software.forge.mil.
I think the changes are pretty small so if anyone has already gone
through this, I'd love to work with you and would be happy to give you
a nice place to put the work.
Thanks,
Aaron
On Tue, Sep 8, 2009 at 1:25 PM, Bryan Schneiders <bschneiders at woti.com> wrote:
> How often are the CLIP releases tested against the DISA STIG System Readiness Review scripts?
> http://iase.disa.mil/stigs/SRR/unix.html
>
> Using the subversion code from as recently as Friday, I'm trying to get a 5.3 system to pass. In addition to very many "manual review required" items, the SRR script is failing on even more basic checks like GEN000580 for PASS_MIN_LEN and GEN005600 for IP Forwarding in /etc/sysctl.conf.
>
> I see there is already a puppet module for at least GEN005600 but instead of correcting 3 of the settings it has sed commands for, it appears to remove those lines from the sysctl.conf file altogether.
>
> I'm just trying to determine how ready the CLIP 3.* releases are for use at this point and how you test the releases.
>
> Has anyone else had a RHEL 5.3 system based on CLIP pass DISA STIG?
> --
>
> Bryan Schneiders
> bschneiders at woti.com
> 301-562-1900 ext 305
>
> _______________________________________________
> Clip mailing list
> Clip at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/clip
>