Hi - apparently there is some amount of vendor support for SLES 11, and I hear 12 is coming - for STIG / SCAPs. These define sets of tests to run against the OS for configuration mainly to asses security of the system. This is implemented through XCCDF and OVAL xml files.
Here are a few examples:
SLES11 for System Z: https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=407 (not that this is an incomplete fileset, seems to be missing DPMS_XCCDF_Benchmark_SuSe zLinux.xml). I’ve emailed the point of contact about this, and they said it’s coming from the vendor and they don’t know anything otherwise.
RHEL6: https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=438
RHEL7 is going under draft and mainly being worked on here: https://github.com/OpenSCAP/scap-security-guide
I’m wondering if anyone at Novel is in the know on these files or if it’s something that slipped by the wayside. They’re basically a requirement for DoD usage of SUSE.
Btw, the oval files implement different checks, e.g. not wrt CVEs as the files here: http://ftp.suse.com/pub/projects/security/oval/
Hi jenewton,
[QUOTE=jenewton;32646]Hi - apparently there is some amount of vendor support for SLES 11, and I hear 12 is coming - for STIG / SCAPs. These define sets of tests to run against the OS for configuration mainly to asses security of the system. This is implemented through XCCDF and OVAL xml files.
Here are a few examples:
SLES11 for System Z: https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=407 (not that this is an incomplete fileset, seems to be missing DPMS_XCCDF_Benchmark_SuSe zLinux.xml). I’ve emailed the point of contact about this, and they said it’s coming from the vendor and they don’t know anything otherwise.
RHEL6: https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=438
RHEL7 is going under draft and mainly being worked on here: https://github.com/OpenSCAP/scap-security-guide
I’m wondering if anyone at Novel is in the know on these files or if it’s something that slipped by the wayside. They’re basically a requirement for DoD usage of SUSE.[/QUOTE]
I’m not sure what you’re looking for - if it’s an official SUSE position on the issue, asking in the forums isn’t the most effective way to go: These forums are “peer-to-peer” support from fellow SLES users.
Regards,
J.