Norm-Audit-Hardening-Audit

[bbaassssiiee]

This project lacks a normative specification that can be used as a benchmark in an audit. If it would use CIS or DISA then we can use oscap to verify hardening deviations. Now the sysop did something without a standard to comply to.

[chris-rock]

@bbaassssiiee We are happy to add that support. PRs are very welcome to move into that direction

[naman]

It will be great if the maintainers could look again at this issue. OP has a point. A security baseline standard like CIS should be a norm for auditing purposes.

Thanks

[rndmh3ro]

I'm going to let this open so someone can work on this, if he or she wants to.

[Rockstar04]

This as well as the other dev-sec os-hardening projects are all benchmarked against he dev-sec/linux-baseline. While it is not a 1-1 clone of the CIS or DISA, it does cover many of their security checks.

I would suggest closing this issue, and addressing the topic of standard security benchmarks there, so they can benefit all the dev-sec projects.

[naman]

That's a great suggestion @Rockstar04. I'll open an issue there. Thanks

[Rockstar04]

Closed in favor of dev-sec/linux-baseline#110

[bbaassssiiee]

I will not create a PR here, I already contributed to repositories supported by AnsibleLockdown.io:

• https://github.com/MindPointGroup/RHEL7-CIS
• https://github.com/MindPointGroup/RHEL6-STIG