[ale] security option in CentOS 7
Adrya Stembridge
adrya.stembridge at gmail.com
Thu Feb 11 18:15:47 EST 2016
The gui button does not set the system into fips mode if fips=1 wasn't
added to boot options before installer launches. Figured as much, but
good to confirm.
cat /proc/sys/crypto/fips_enabled
0
The STIG option installed several additional apps including openscap.
On Thu, Feb 11, 2016 at 5:26 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> Let us know what you see. The gui button didn't indicate it would activate
> anything during the installation process itself.
>
> On Thu, 2016-02-11 at 17:13 -0500, Adrya Stembridge wrote:
>
> Wonder if we'd still need to add fips=1 to boot options when launching the
> installer? Might have a go at this later today.
>
> On Thu, Feb 11, 2016 at 5:04 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
> I'll have to poke an new install and see how much it loads in with the
> STIG security profile activated. The Mil-OSS group is a tad miffed that
> RHEL7 STIG is still only in pre-release DRAFT status since 7 has been out
> for over 2 years now.
>
> On Thu, 2016-02-11 at 16:58 -0500, DJ-Pfulio wrote:
>
> CentOS 6 and RHEL 6 stuff:
>
> RHEL 6 - https://www.ansible.com/security-stig
> Deep Dive: https://www.ansible.com/blog/stig-automation
> Github: https://github.com/samdoran/ansible-role-rhel6stig
>
>
> Ubuntu (not "STIGS", but ... )https://benchmarks.cisecurity.org/downloads/browse/?category=benchmarks.os.linux.ubuntu
>
>
>
>
> On 02/11/2016 04:15 PM, Jim Kinney wrote:
>
>
> New security options in CentOS 7 during install: pre-release draft STIG
> configurations.
>
> For those that know what this is, being able to choose during installation is a
> nice thing.
>
> For those that don't know, STIG security configuration makes the DoD very happy.
>
> OK. The DoD security enforcers have had all joy-like activities surgically
> removed from their existence. But this make makes them less likely to shoot on
> sight.
>
>
>
> _______________________________________________
> Ale mailing listAle at ale.orghttp://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
>
> --
> James P. Kinney III
>
> Every time you stop a school, you will have to build a jail. What you
> gain at one end you lose at the other. It's like feeding a dog on his
> own tail. It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
> http://heretothereideas.blogspot.com/
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
> _______________________________________________
> Ale mailing listAle at ale.orghttp://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
>
> --
> James P. Kinney III
>
> Every time you stop a school, you will have to build a jail. What you
> gain at one end you lose at the other. It's like feeding a dog on his
> own tail. It won't fatten the dog.
> - Speech 11/23/1900 Mark Twain
> http://heretothereideas.blogspot.com/
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20160211/01fb7af4/attachment.html>
More information about the Ale
mailing list