Using OpenSCAP to audit against new RHEL 8 V1R13 STIG #11557
-
Hello, I have a quick question around auditing new STIGs. We are currently auditing against the RHEL8 STIG V1R12 by using the So what's the process here? I'm new to the ecosystem and trying to wrap my head around how the
|
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
Thanks for the question and I'm glad that this project is helpful to you. The STIG profile in the As for the updates from V1R13 for RHEL 8 those were done in #11478 and will be in the in v0.1.72 release of this project. v0.1.72 should come out this Friday (9 February 2024). The content should it make to RHEL, however I can't comment on the timeline of that process. |
Beta Was this translation helpful? Give feedback.
-
@Mab879 thanks for your thoughtful answer! So, in other words, DISA releases a STIG and the community-driven efforts from the OpenSCAP and ComplianceAsCode frameworks and tooling help automate the auditing against it. Thanks for the v0.1.72 update! We are coming from using the CISCAT tool and it was a bit easier with that to actually figure out WHAT the audit was doing - e.g. what command was being run on the machine under test to produce the audit result - be hit bash, linux commands, etc. So this is all very helpful translating how a STIG correlates to the
Sorry, can you clarify what you mean by this? Not sure I follow. |
Beta Was this translation helpful? Give feedback.
Thanks for the question and I'm glad that this project is helpful to you.
The STIG profile in the
ssg-rhel8-ds.xml
file is not directly based on the SCAP (or any other) automated content that DISA provides. It based on the interpretation of the manual SCAP content (the wording of the STIG) by the developers from this project. The developers of this project come the OS vendors (such as Red Hat, SUSE, Oracle, Canonical, among others) and community members who contribute content. We create the OVAL checks, the remedations (Bash, Ansible, etc), and the prose used thessg-rhel8-ds.xml
.As for the updates from V1R13 for RHEL 8 those were done in #11478 and will be in the in v0.1.72 release of t…