Re: Security Profiles
Posted: 2020/01/07 21:14:33
I am on CentOS 7.6, or RHEL 7.6. I am not installing Fedora31 on a separate disk.
I have installed
here are the contents of /usr/share/xml/scap/ssg/content/
I try to read any of those and I want to blow my brains out.
how do I map any of those to the list of profiles shown at install time?
To know what in linux is turned on/off/modified when a given profile is selected?
here is the list of profiles displayed at install time from dvd
In order to go about rolling back any changes to troubleshoot when things don't work, I need to know what they were.
I have installed
Code: Select all
openscap-containers-1.2.17-4.el7.noarch
openscap-1.2.17-4.el7.x86_64
openscap-engine-sce-1.2.17-4.el7.x86_64
openscap-utils-1.2.17-4.el7.x86_64
openscap-scanner-1.2.17-4.el7.x86_64
scap-security-guide-0.1.43-13.el7.centos.noarch
Code: Select all
-rw-r--r-- 1 ron users 15538695 Aug 23 10:22 ssg-centos6-ds.xml
-rw-r--r-- 1 ron users 5086947 Aug 23 10:22 ssg-centos6-xccdf.xml
-rw-r--r-- 1 ron users 25972220 Aug 23 10:22 ssg-centos7-ds.xml
-rw-r--r-- 1 ron users 8156658 Aug 23 10:22 ssg-centos7-xccdf.xml
-rw-r--r-- 1 ron users 546 Aug 23 10:21 ssg-firefox-cpe-dictionary.xml
-rw-r--r-- 1 ron users 3635 Aug 23 10:21 ssg-firefox-cpe-oval.xml
-rw-r--r-- 1 ron users 235231 Aug 23 10:21 ssg-firefox-ds.xml
-rw-r--r-- 1 ron users 34640 Aug 23 10:21 ssg-firefox-ocil.xml
-rw-r--r-- 1 ron users 45611 Aug 23 10:21 ssg-firefox-oval.xml
-rw-r--r-- 1 ron users 145235 Aug 23 10:21 ssg-firefox-xccdf.xml
-rw-r--r-- 1 ron users 1409 Aug 23 10:21 ssg-jre-cpe-dictionary.xml
-rw-r--r-- 1 ron users 5516 Aug 23 10:21 ssg-jre-cpe-oval.xml
-rw-r--r-- 1 ron users 160594 Aug 23 10:21 ssg-jre-ds.xml
-rw-r--r-- 1 ron users 15346 Aug 23 10:21 ssg-jre-ocil.xml
-rw-r--r-- 1 ron users 21363 Aug 23 10:21 ssg-jre-oval.xml
-rw-r--r-- 1 ron users 113243 Aug 23 10:21 ssg-jre-xccdf.xml
-rw-r--r-- 1 ron users 4407 Aug 23 10:21 ssg-rhel6-cpe-dictionary.xml
-rw-r--r-- 1 ron users 68416 Aug 23 10:21 ssg-rhel6-cpe-oval.xml
-rw-r--r-- 1 ron users 15815774 Aug 23 10:22 ssg-rhel6-ds.xml
-rw-r--r-- 1 ron users 453844 Aug 23 10:22 ssg-rhel6-ocil.xml
-rw-r--r-- 1 ron users 1920901 Aug 23 10:22 ssg-rhel6-oval.xml
-rw-r--r-- 1 ron users 5410079 Aug 23 10:22 ssg-rhel6-xccdf.xml
-rw-r--r-- 1 ron users 5047 Aug 23 10:21 ssg-rhel7-cpe-dictionary.xml
-rw-r--r-- 1 ron users 68416 Aug 23 10:21 ssg-rhel7-cpe-oval.xml
-rw-r--r-- 1 ron users 26278709 Aug 23 10:22 ssg-rhel7-ds.xml
-rw-r--r-- 1 ron users 1119204 Aug 23 10:22 ssg-rhel7-ocil.xml
-rw-r--r-- 1 ron users 2943691 Aug 23 10:22 ssg-rhel7-oval.xml
-rw-r--r-- 1 ron users 8671063 Aug 23 10:22 ssg-rhel7-xccdf.xml
how do I map any of those to the list of profiles shown at install time?
To know what in linux is turned on/off/modified when a given profile is selected?
here is the list of profiles displayed at install time from dvd
- DISA STIG for RHEL 7
- Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)
- Criminal Justice Information Services (CJIS) Security Policy
- Health Insurance Portability and Accountability Act (HIPAA)
- PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7
- C2S for Red Hat Enterprise Linux
- Standard System Security Profile for RHEL 7
- OSPP - Protection Profile for General Purpose Operating Systems v. 4.2
- USG Configuration Baseline {not applicable to CentOS linux}
- Unclassified Information in Non-federal Information Systems & Organizations (NIST 800-171)
In order to go about rolling back any changes to troubleshoot when things don't work, I need to know what they were.