[ale] security option in CentOS 7

Jim Kinney jim.kinney at gmail.com
Thu Feb 11 18:51:29 EST 2016


That makes sense as fips is a kernel option. 
On Thu, 2016-02-11 at 18:15 -0500, Adrya Stembridge wrote:
> The gui button does not set the system into fips mode if fips=1
> wasn't added to boot options before installer launches.   Figured as
> much, but good to confirm. 
> 
> cat /proc/sys/crypto/fips_enabled
> 0
> 
> The STIG option installed several additional apps including
> openscap. 
> 
> 
> 
> 
> On Thu, Feb 11, 2016 at 5:26 PM, Jim Kinney <jim.kinney at gmail.com>
> wrote:
> > Let us know what you see. The gui button didn't indicate it would
> > activate anything during the installation process itself.
> > 
> > On Thu, 2016-02-11 at 17:13 -0500, Adrya Stembridge wrote:
> > > Wonder if we'd still need to add fips=1 to boot options when
> > > launching the installer?   Might have a go at this later today. 
> > > 
> > > On Thu, Feb 11, 2016 at 5:04 PM, Jim Kinney <jim.kinney at gmail.com
> > > > wrote:
> > > > I'll have to poke an new install and see how much it loads in
> > > > with the STIG security profile activated. The Mil-OSS group is
> > > > a tad miffed that RHEL7 STIG is still only in pre-release DRAFT
> > > > status since 7 has been out for over 2 years now.
> > > > 
> > > > On Thu, 2016-02-11 at 16:58 -0500, DJ-Pfulio wrote:
> > > > > CentOS 6 and RHEL 6 stuff:
> > > > > 
> > > > > RHEL 6 - https://www.ansible.com/security-stig
> > > > > Deep Dive: https://www.ansible.com/blog/stig-automation
> > > > > Github: https://github.com/samdoran/ansible-role-rhel6stig
> > > > > 
> > > > > 
> > > > > Ubuntu (not "STIGS", but ... )
> > > > > https://benchmarks.cisecurity.org/downloads/browse/?category=
> > > > > benchmarks.os.linux.ubuntu
> > > > > 
> > > > > 
> > > > > 
> > > > > 
> > > > > On 02/11/2016 04:15 PM, Jim Kinney wrote:
> > > > > > New security options in CentOS 7 during install: pre-
> > > > > > release draft STIG
> > > > > > configurations.
> > > > > > 
> > > > > > For those that know what this is, being able to choose
> > > > > > during installation is a
> > > > > > nice thing.
> > > > > > 
> > > > > > For those that don't know, STIG security configuration
> > > > > > makes the DoD very happy. 
> > > > > > 
> > > > > > OK. The DoD security enforcers have had all joy-like
> > > > > > activities surgically
> > > > > > removed from their existence. But this make makes them less
> > > > > > likely to shoot on
> > > > > > sight.
> > > > > >  
> > > > > _______________________________________________
> > > > > Ale mailing list
> > > > > Ale at ale.org
> > > > > http://mail.ale.org/mailman/listinfo/ale
> > > > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > > > http://mail.ale.org/mailman/listinfo
> > > > -- 
> > > > James P. Kinney III
> > > > 
> > > > Every time you stop a school, you will have to build a jail.
> > > > What you
> > > > gain at one end you lose at the other. It's like feeding a dog
> > > > on his
> > > > own tail. It won't fatten the dog.
> > > > - Speech 11/23/1900 Mark Twain
> > > > 
> > > > http://heretothereideas.blogspot.com/
> > > > 
> > > > _______________________________________________
> > > > Ale mailing list
> > > > Ale at ale.org
> > > > http://mail.ale.org/mailman/listinfo/ale
> > > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > > http://mail.ale.org/mailman/listinfo
> > > > 
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://mail.ale.org/mailman/listinfo/ale
> > > See JOBS, ANNOUNCE and SCHOOLS lists at
> > > http://mail.ale.org/mailman/listinfo
> > -- 
> > James P. Kinney III
> > 
> > Every time you stop a school, you will have to build a jail. What
> > you
> > gain at one end you lose at the other. It's like feeding a dog on
> > his
> > own tail. It won't fatten the dog.
> > - Speech 11/23/1900 Mark Twain
> > 
> > http://heretothereideas.blogspot.com/
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> > 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
-- 
James P. Kinney III

Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain

http://heretothereideas.blogspot.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20160211/7eadcea9/attachment.html>


More information about the Ale mailing list