[Open-scap] Wish to disable check or remediation of STIG rules to remove X Windows and to use smart card
Boucher, William
William.Boucher at mza.com
Mon Jun 24 19:52:11 UTC 2019
Hi Folks,
I've got a machine running Scap Workbench on another remote/networked machine. Both are CentOS 7.5. I set up Workbench to SSH to the remote box as root (for now root ssh login is enabled on both machines), using CentOS 7 content. I selected DISA STIG for Red Hat Enterprise Linux 7. Within the displayed rules there are two I need to ignore. I need X Windows and cannot use a smart card (or any multifactor) in the system I want to remediate.
So the "Remove the X Windows Package Group" & "Enable Smart Card Login" need to be tailored out somehow so remediation won't implement those controls.
(I'm assuming the "Enable the GNOME3 Login Smartcard Authentication", "Install Smart Card Packages For Multifactor Authentication" & "Configure Smart Card Certificate Status Checking" rules can be left in place if "Enable Smart Card Login" isn't set up.)
I cannot see an easy way in Workbench to just tell it to ignore a selected rule.
What do I need to do to keep remediation from implementing these rules?
Thank you,
--Bill
William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
4900 Lang Ave. NE, Suite 100
Albuquerque, NM 87109-9708
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
william.boucher at mza.com<mailto:william.boucher at mza.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20190624/a9a5dc8c/attachment.htm>
More information about the Open-scap-list
mailing list