[Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS

Boucher, William William.Boucher at mza.com
Mon Jan 21 22:55:54 UTC 2019 

Stuart and Watson,

I found the packages for Ubuntu 18.04 (“cosmic”) but not for Ubuntu 16.04 (“xenial”). The DISA STIG is written specifically for Ubuntu 16.04 (“U_Canonical_16-04_LTS_V1R1_STIG.zip”). Am I not looking in the right place for the SSG?

I found the ssg packages for Ubuntu 18.04 at https://packages.ubuntu.com/search?suite=cosmic&searchon=names&keywords=ssg, but they are not in the 16.04 package listing at https://packages.ubuntu.com/search?suite=xenial&searchon=names&keywords=ssg.

Could they be in another repository for 16.04? (Note I am using the latest xenial, 16.04.5, which has the same Linux kernel as the latest cosmic release, 4.15.)

Thank you for your help and patience,

                --Bill

William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
4900 Lang Ave. NE, Suite 100
Albuquerque, NM 87109-9708
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
william.boucher at mza.com<mailto:william.boucher at mza.com>

From: Watson Sato [mailto:wsato at redhat.com]
Sent: Monday, January 7, 2019 7:58 AM
To: Boucher, William <William.Boucher at mza.com>
Cc: Newman, Stuart J. (GSFC-491.0)[KBRwyle] <stuart.j.newman at nasa.gov>; open-scap-list at redhat.com
Subject: Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS

Hello,


On Wed, Nov 28, 2018 at 5:39 PM Boucher, William <William.Boucher at mza.com<mailto:William.Boucher at mza.com>> wrote:
Stuart,

How do I get the current/latest scap security guide?

Latest pre-built content can be grabbed at https://github.com/ComplianceAsCode/content/releases, just download the zip file.

1)      I went to https://www.open-scap.org/security-policies/scap-security-guide/ and clicked on the Ubuntu symbol to get directions for installing it, but that gave message “The SCAP Security Guide package is not available on the Ubuntu distribution yet. Check for update.”
The website needs to updated, there are SCAP Security Guide packages for Ubuntu and Debian.

2)      “apt-get install scap-security-guide” produced the error “Unable to locate package scap-security-guide.”

It seems that the packages are named slightly different in Ubuntu, see: https://packages.ubuntu.com/source/disco/scap-security-guide

I did successfully install libopenscap8 (“apt-get install libopenscap8”).

All help is appreciated.

William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
2021 Girard Blvd., SE, Suite 150
Albuquerque, New Mexico 87106
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
william.boucher at mza.com<mailto:william.boucher at mza.com>

From: Newman, Stuart J. (GSFC-491.0)[KBRwyle] [mailto:stuart.j.newman at nasa.gov<mailto:stuart.j.newman at nasa.gov>]
Sent: Wednesday, November 28, 2018 4:19 AM
To: Boucher, William <William.Boucher at mza.com<mailto:William.Boucher at mza.com>>; open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: RE: Benchmark for Canonical Ubuntu 16.04 LTS

The current (0.1.41) version of the scap security guide has Ubuntu benchmarks.

Stuart J Newman

[cid:image001.png at 01D4B19F.F1DDFA40]

Engineer 4; Systems
NASA/Goddard Space Flight Center, Building 14 Room 252 |  Greenbelt, Maryland 20771 |  USA
Office: +1 301. 286.5145 |  Mobile: +1443.878.6146  |  Stuart.J.Newman at nasa.gov<mailto:Stuart.J.Newman at nasa.gov>


________________________________
This e-mail, including any attached files, may contain confidential and privileged information for the sole use of the intended recipient.  Any review, use, distribution, or disclosure by others is strictly prohibited.  If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message.

From: open-scap-list-bounces at redhat.com<mailto:open-scap-list-bounces at redhat.com> <open-scap-list-bounces at redhat.com<mailto:open-scap-list-bounces at redhat.com>> On Behalf Of Boucher, William
Sent: November 27, 2018 18:23
To: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS


Hi folks,

I am currently hardening an Ubuntu embedded system for delivery to a customer.

I have downloaded the “Canonical Ubuntu 16.04 LTS STIG Ver 1, Rel 1” from DISA, and I have obtained a copy of the SCAP Compliance checker tool “SCC 5.0.2 Ubuntu 16 AMD64”.

What I am missing is an SCAP Benchmark file for Ubuntu 16.04. Does one exist?

I would like to use OpenSCAP to harden then scan this IS. The Open-SCAP BASE page says that Ubuntu is supported, so I can get the tools installed. But without a benchmark how would I proceed from there?

Thank you,

        --Bill
William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
2021 Girard Blvd., SE, Suite 150
Albuquerque, New Mexico 87106
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
william.boucher at mza.com<mailto:william.boucher at mza.com>

_______________________________________________
Open-scap-list mailing list
Open-scap-list at redhat.com<mailto:Open-scap-list at redhat.com>
https://www.redhat.com/mailman/listinfo/open-scap-list


--
Watson Sato
Security Technologies | Red Hat, Inc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20190121/61167add/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 3734 bytes
Desc: image001.png
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20190121/61167add/attachment.png>

More information about the Open-scap-list mailing list