[Open-scap] Hardening Redhawk 6.5
Shawn Wells
shawn at redhat.com
Wed Jan 30 09:16:26 UTC 2019
On 1/29/19 11:14 PM, Boucher, William wrote:
>
> Hi folks,
>
> I’ve been tasked with applying the RedHat 6 STIG to several RedHawk
> 6.5 systems.
>
> Running oscap should be relatively easy, to see where a base install
> sits initially (RedHawk is RedHat with modifications for embedded
> realtime use).
>
> The RedHawk site talks about testing RedHawk performance after
> applying the RedHat STIG (in a white paper), but it makes no mention
> on how to apply it.
>
RedHawk Linux doesn't have a STIG or common criteria, so not sure what
security configuration guides (if any) are available.
If the RHEL STIGs can be applied to it, akin to CentOS, the
ComplianceAsCode user guide might be helpful:
https://github.com/ComplianceAsCode/content/blob/master/docs/manual/user_guide.adoc
Specifically remediation section:
https://github.com/ComplianceAsCode/content/blob/master/docs/manual/user_guide.adoc#remediation
> Applying it manually is an option, but I’d sure like to automate some.
>
> But my question really concerns adding packages (like selinix).
> RedHawk discourages using yum (with the RedHat repositories) to update
> packages, as there may be incompatibilities between the standard
> packages and the RedHawk modifications to the OS.
>
> Perhaps I should direct this question to RedHawk support, but I
> thought I’d ask it here first to get your input.
>
Not sure how RedHawk works. If they're layering RedHawk software ontop
of Red Hat instances, then you'd have a Red Hat subscription for every
node (and could ask Red Hat support). If RedHawk is distributing their
own independent linux distro, it'd be appropriate to query them about
package management.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20190130/c10710a1/attachment.htm>
More information about the Open-scap-list
mailing list