[Open-scap] Bind9 DNS-Secure Configuration Audit

Matus Marhefka mmarhefk at redhat.com
Fri Sep 21 12:31:45 UTC 2018 

Hello!

If you are new to SCAP it might be difficult to understand all the
components, you can check the following for some basic overview:
https://www.open-scap.org/features/scap-components/

Openscap is a toolkit for scanning machines and it needs some content to do
so. Right now, you can find the content here:
https://github.com/ComplianceAsCode/content

This content is built and packaged as scap-security-guide in centos7 so if
you would like to extend it, ComplianceAsCode/content git repository is a
place to do so.
We have the user and the developer guides available which should help you
to get into the project and write a new content:
*
https://github.com/ComplianceAsCode/content/blob/master/docs/manual/user_guide.adoc
*
https://github.com/ComplianceAsCode/content/blob/master/docs/manual/developer_guide.adoc
Note: There is no centos7 product (folder), but the centos7 content is
generated from the rhel7 content by the build system. This means that if
you write content for rhel7 it will automatically get into centos7.

Some examples of rules for inspiration:
*
https://github.com/ComplianceAsCode/content/tree/master/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords
*
https://github.com/ComplianceAsCode/content/tree/master/linux_os/guide/services/sssd/sssd_memcache_timeout
The structure of these rule folders is described in the developer guide in
the section 8. "Contributing with XCCDFs, OVALs and remediations".

Best Regards,
Matus Marhefka


On Fri, Sep 21, 2018 at 12:36 AM Sadettin Kaplan <
sadettin.kaplan12 at gmail.com> wrote:

> Hi Everybody!
> I am newbine in openscap.if following questions are stuppid forgive me.
> I wanna audit my bind9 dns service on centos7 server.But i did'nt find any
> public
>  xccdf file for bind9.
> How can i create own xccdf file from scratch?
>
> thank you, best regards.
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180921/ab37ebcd/attachment.htm>

More information about the Open-scap-list mailing list