I am pleased to announce the availability of VMware STIG Compliance App. Using this app, you can assess, remediate and harden remote *NIX machines in line with STIG (Security Technical Implementation Guide) or any other security configuration benchmark. The app is available as a container image.
The app supports and requires configuration benchmark to be in SCAP 1.2 format and is capable of performing XCCDF or OVAL assessments. The app uses OpenSCAP as the assessment engine and Ansible as the action engine for performing remediation and hardening.
Let us take a security configuration example.
Requirement – The SSH daemon must set a timeout interval on idle sessions to 15 minutes.
Assessment/Remediation Needed – In the
/etc/ssh/sshd_config file, ensure that the
ClientAliveInterval parameter is set to
A typical assessment and remediation snippet would look like below:
Remediation encapsulated in XCCDF fix element:
That’s it. Put together your OVAL assessments and remediation stubs and leave the rest to the app. So, grab the app and get started using the cool demonstration videos!
I am looking forward to hearing from you.
Thanks and regards,
CISSP | CUA | TOGAF | CCSK | CWSP
RHCE | HP-UX CSA | VCP4-DCV | MBA | GISP | CloudU | CompTIA CE | ITIL-F | ITSM-F | CWNA | Mobility+ | VSP 2015