[ale] Security Template (STIG) Scripts for RHEL on github

Ed Cashin ecashin at noserose.net
Thu Jan 8 13:44:40 EST 2015


Ansible is pretty simple and flexible.  I don't use it the way you
want, but it could certainly be used that way.

It would just be YAML saying what checks to run.  You might have to
have or write checks if there aren't already ansible roles out there
on github (or whatever) that do the checks you want, but it is
convenient to write your own roles.

E.g., it has a "shell" module.  You can run any arbitrary shell
command there, even interpolating variables into the shell command.

  http://docs.ansible.com/shell_module.html

So I mean, "Sure, you can do that."  But you can do anything with
ansible.  I don't know whether people have written modules that get
you half the way there.


On Thu, Jan 8, 2015 at 9:28 AM, Raj Wurttemberg <rajaw at c64.us> wrote:
> Can Ansible do simple checks on files?
>
> Examples:
> - Check settings inside sshd_config
> - Check settings inside PAM files
> - Make sure certain NICs have a specific MTU
>
> I looked at Ansible briefly, but I thought it was more for deploying
> settings and packages.  I'm looking to just QA servers.
>
> Kind regards,
> Raj
>
>
>> -----Original Message-----
>> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of JD
>> Sent: Thursday, January 08, 2015 5:41 AM
>> To: Atlanta Linux Enthusiasts
>> Subject: Re: [ale] Security Template (STIG) Scripts for RHEL on github
>>
>> Ansible? Takes about 20 minutes to get started.
>>
>> On 01/07/2015 09:54 PM, Raj Wurttemberg wrote:
>> > Very interesting George!
>> >
>> > We have a client with a rapidly growing RHEL infrastructure (13
>> > servers in June, 180 now!) and they give us build sheets. We also have
>> > to secure and configure servers according to their STIG.... which,
>> > I'll be honest, is very time consuming and tedious to QA.
>> >



-- 
  Ed Cashin <ecashin at noserose.net>
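
The three checks asked about in this thread (sshd_config, PAM files, NIC MTU), written as an audit-only playbook using the "shell" module with interpolated variables. This is an added example, not part of the original messages; the file name `qa_checks.yml`, the variable names and every expected value are constructed placeholders, not taken from any STIG.

```yaml
---
# Added example (hypothetical file name: qa_checks.yml). Audit only: no task changes the host.
# All expected values are constructed placeholders, not taken from any STIG.
- hosts: all
  become: true          # sshd and PAM files may not be readable by the login user
  gather_facts: true    # interface facts supply the MTU
  vars:
    file_checks:
      - { file: /etc/ssh/sshd_config, regex: '^[[:space:]]*PermitRootLogin[[:space:]]+no[[:space:]]*$' }
      - { file: /etc/ssh/sshd_config, regex: '^[[:space:]]*PermitEmptyPasswords[[:space:]]+no[[:space:]]*$' }
      - { file: /etc/pam.d/system-auth, regex: '^password[[:space:]]+requisite[[:space:]]+pam_cracklib\.so' }
    mtu_checks:
      - { nic: eth0, mtu: 1500 }
  tasks:
    - name: Look for each required line
      # The quote filter keeps interpolated values from being parsed by the shell.
      shell: "grep -Eiq -- {{ item.regex | quote }} {{ item.file | quote }}"
      loop: "{{ file_checks }}"
      register: file_results
      changed_when: false   # read-only command
      failed_when: false    # collect every result; they are judged below

    - name: Report file checks that did not match
      assert:
        that: item.rc == 0
        fail_msg: "{{ item.item.file }} has no line matching {{ item.item.regex }}"
      loop: "{{ file_results.results }}"
      loop_control:
        label: "{{ item.item.file }}"
      register: file_verdict
      ignore_errors: true   # keep going so the MTU checks still run

    - name: Check interface MTU from gathered facts
      assert:
        that: (ansible_facts[item.nic].mtu | int) == item.mtu
        fail_msg: "{{ item.nic }} MTU is not {{ item.mtu }}"
      loop: "{{ mtu_checks }}"
      register: mtu_verdict
      ignore_errors: true

    - name: Mark the host failed if any check failed
      fail:
        msg: "One or more QA checks failed; see the tasks above."
      when: file_verdict is failed or mtu_verdict is failed
```

A line that is absent fails the grep even when the daemon's built-in default would be compliant; `sshd -T` prints the effective configuration if that distinction matters.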

