[redhat-lspp] Configuring for STIG/FISMA compliance

Stephen J. Smoogen smooge at gmail.com
Sun Feb 5 20:24:45 UTC 2006

Hi, I know that this isn't the perfect list for this, but after coming
up with nothing better... Steve Grubb mentioned that there was some
crossover of people on this list and STIG compliance.

I have been working on DOE compliance scripts for my current job, and
have realized that this is an area where everyone seems to try and
re-invent the wheel (at least in my area). Since that is a waste of
taxpayer money :), I was trying to find a more uniform approach. Steve
Grubb showed me the DISA STIG documents and scripts, and I have been
trying to cover the draft 5.0 version with a new set of "site-wide"
scripts that would Audit/Configure/Restore a system after needed input
files. There are around 450 points in the STIGs with about 2/3 of them
scriptable to confirm that either a system meets it or does not.

Has anyone else seen any open-source tool-sets that are aimed at this?
I am interested in either putting my ugly bash/sed/awk stuff
(currently called Jotun as a play on the Titan toolkit) or
contributing to other projects.

Stephen J Smoogen.
CSIRT/Linux System Administrator
