Now that we wrote up a few OVAL statements and used those instead of SCE driven checks (where possible), let's finish up and go back to the XCCDF document and see how we can put weights in place.
The CVE (Common Vulnerabilities and Exposures) standard allows for vulnerabilities to be given …more ...
Let's create an OVAL check to see if /etc/inittab's single user definitions only refer to /sbin/rc single. First,
The first thing we notice is that there are several namespaces defined within OVAL. These namespaces refer to the platforms on which …
Time to discuss OVAL (Open Vulnerability Assessment Language). In all the previous posts I focused the checking of rules (does the system comply with the given rule) on scripts, through the Script Check Engine supported by openscap. The advantage of SCE is that most people can quickly provide automated checks …more ...
Yesterday evening (UTC, that is) the members of the Gentoo Hardened project filled the #gentoo-hardened IRC channel again - it was time for another online follow-up meeting.
A few patches on the toolchain need to be created to mark SSP as default, but this is just a minor workload.
And …more ...
I promised in my previous post to give some information about remediation.
Remediation is the process where you fix a system to become compliant again after finding out there is a violation on the system. The easiest form of remediation of course is to just notify the administrator and give …more ...
I just committed a set of changes against the Gentoo Handbook (x86 and amd64) with the intent to have better instructions on GPT (GUID Partition Table) layout versus MBR (Master Boot Record) or MSDOS-style layout.
The part on "Preparing the Disks" saw the most changes. It starts with explaining the …more ...
In my previous post I introduced automated checking of rules through SCE (Script Check Engine). Let's focus a bit more now on running with an XCCDF document: how to automatically check the system, read the results and find more information about those results.
To provide a usable example, you can …more ...
In my previous post I made a skeleton XCCDF document. By now, we can create a well documented "baseline" (best practice) for our subject (say PostgreSQL). But for now I only talked about <description> whereas XCCDF allows many other tags
You can add metadata information for a particular …more ...