[openstack-dev] STIG Tools

Major Hayden major at mhtx.net
Mon Jan 9 18:04:24 UTC 2017


On 01/09/2017 11:07 AM, Ian Cordasco wrote:
>> I am new to the STIG hardening process and wanted to see if there was a
>> standard way to diff between releases (RHEL STIG 7 draft 0.2 and 0.3 for
>> example) or between RHEL 5 and 6 or something. Obviously the reason for
>> this is to quickly check / implement the diff instead of going through the
>> whole STIG again.
> Hi Joel,
> 
> I'm not sure you meant to send this to the OpenStack mailing list, but
> in case you did, I don't know of a good way of doing that. That said,
> there is at least one project that attempts to automate it for you
> (openstack-ansible-security). I've CC'd one of the cores to grab their
> attention in case they can help you.

Hello Joel,

(Thanks for making the connection, Ian!)

The openstack-ansible-security role has support for the RHEL 7 STIG (version 0.2) and I'll be doing my best to keep that updated going forward. The repo has a parser in it that generates documentation metadata from the giant STIG XML file. That should allow us to closely track any changes coming from the STIG. The security role would be updated when that occurs and proper release notes will be provided.

Here are some helpful links:

  https://github.com/openstack/openstack-ansible-security
  http://docs.openstack.org/developer/openstack-ansible-security/

If you'd like to talk on IRC, hop into #openstack-ansible and find me (mhayden).

--
Major Hayden
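
The release-to-release diff asked about above, as an added example that is not part of the original message and is not the parser in the openstack-ansible-security repo. It assumes the STIG is an XCCDF file whose `<Rule>` elements carry a `severity` attribute and `<version>` (the STIG ID), `<title>` and `<fixtext>` children; the IDs and texts in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

FIELDS = ("version", "title", "fixtext", "check-content")

def local(tag):
    # Drop the "{namespace}" prefix so the XCCDF schema version does not matter.
    return tag.rsplit("}", 1)[-1]

def load_rules(xccdf_text):
    """Return {STIG ID: {field: normalised text}} for every <Rule>."""
    rules = {}
    for elem in ET.fromstring(xccdf_text).iter():
        if local(elem.tag) != "Rule":
            continue
        fields = {"severity": elem.get("severity", "")}
        for child in elem.iter():
            if local(child.tag) in FIELDS:
                # Collapse whitespace so re-wrapped text is not a "change".
                fields[local(child.tag)] = " ".join((child.text or "").split())
        # Assumption: <version> is stable across releases; else use the rule id.
        rules[fields.get("version") or elem.get("id")] = fields
    return rules

def diff_releases(old_text, new_text):
    """Compare two releases: rules added, removed, and fields that changed."""
    old, new = load_rules(old_text), load_rules(new_text)
    changed = {}
    for stig_id in sorted(old.keys() & new.keys()):
        names = sorted(old[stig_id].keys() | new[stig_id].keys())
        delta = [n for n in names if old[stig_id].get(n) != new[stig_id].get(n)]
        if delta:
            changed[stig_id] = delta
    return {"added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": changed}

# Constructed sample data: placeholder IDs and text, not real STIG content.
def rule_xml(stig_id, severity, fixtext):
    return (f'<Group><Rule id="{stig_id}_rule" severity="{severity}">'
            f"<version>{stig_id}</version><title>Rule {stig_id}</title>"
            f"<fixtext>{fixtext}</fixtext></Rule></Group>")

def benchmark(*rules):
    ns = "http://checklists.nist.gov/xccdf/1.1"
    return f'<Benchmark xmlns="{ns}">' + "".join(rules) + "</Benchmark>"

OLD = benchmark(rule_xml("EX-00-000010", "medium", "Set option A."),
                rule_xml("EX-00-000020", "medium", "Set option B."),
                rule_xml("EX-00-000030", "low", "Set option C."))
NEW = benchmark(rule_xml("EX-00-000010", "medium", "Set  option A."),
                rule_xml("EX-00-000020", "high", "Set option B to 1."),
                rule_xml("EX-00-000040", "low", "Set option D."))
```

Calling `diff_releases(OLD, NEW)` returns the added and removed STIG IDs plus, for each rule present in both releases, the names of the fields that differ, which is the list to re-review instead of the whole STIG.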


