Skip to content

Instantly share code, notes, and snippets.

@andrewkroh

andrewkroh/redhat_6_stig.sh

Created March 5, 2015 13:42
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save andrewkroh/9028bf83908e3999d914 to your computer and use it in GitHub Desktop.
Save andrewkroh/9028bf83908e3999d914 to your computer and use it in GitHub Desktop.
Download ZIP
Redhat 6 STIG Examples using OpenSCAP
Raw
redhat_6_stig.sh
# Install openscap tool.
sudo yum install openscap-utils
# Generate report based on RedHat's scap-security-guide project (SSG).
# Requires EPEL.
sudo yum install scap-security-guide
oscap xccdf eval --profile stig-rhel6-server-upstream \
--results /tmp/`hostname`-ssg-results.xml \
--report /tmp/`hostname`-ssg-results.html \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
/usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
# Verify all RHSA patches are applied.
wget http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml
sudo oscap oval eval \
--results rhsa-results-oval.xml \
--report oval-report.html \
com.redhat.rhsa-all.xml
# Generate DISA RHEL 6 STIG report.
wget http://iase.disa.mil/stigs/Documents/U_RedHat_6_V1R6_STIG_SCAP_1-1_Benchmark.zip
unzip U_RedHat_6_V1R6_STIG_SCAP_1-1_Benchmark.zip
oscap info U_RedHat_6_V1R6_STIG_SCAP_1-1_Benchmark-xccdf.xml
sudo oscap xccdf eval \
--report redhat_6_v1r6_stig.html \
--cpe U_RedHat_6_V1R6_STIG_SCAP_1-1_Benchmark-cpe-dictionary.xml \
U_RedHat_6_V1R6_STIG_SCAP_1-1_Benchmark-xccdf.xml
# Generate DISA Apache 2.2 STIG guide.
wget https://iase.disa.mil/stigs/Documents/U_Apache_2-2_UNIX_V1R6_STIG.zip
cd U_Apache_2-2_UNIX_V1R6_STIG
unzip U_Apache_2-2_Server_UNIX_V1R6_Manual_STIG.zip
cd U_Apache_2-2_Server_UNIX_V1R6_Manual_STIG
oscap xccdf generate guide U_Apache_2-2_Server_UNIX_V1R6_Manual-xccdf.xml > guide.html
@necrolyte2
Copy link

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment