STIG'ing a RHEL6 ISO with OPenSCAP benchmarks

Latest response

Is it possible to create an ISO for RHEL6 with a STIG configuration built in for OpenSCAP? I assume I'll need some sort of imaging/cloning software that runs on RHEL to create the ISO after the OS has been hardened. Any thoughts or suggestions on the best way to go about this? My goal is to be able to deploy our RHEL VM's out of the gate that already meet the requires security config.

Responses

I want to run openscap inRHEL 6.10 server, please advise as I am not able to find oscap

Hi Zohair,

Here you go : sudo yum install openscap-scanner scap-security-guide ... now you can run it. :)

Regards,
Christian

Install the required packages:

sudo yum -y install openscap-utils scap-security-guide

Run the openscap utility in remediation mode, targeting the rhel 6 stig profile and generate a report in /var/tmp/:

sudo /bin/oscap xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_stig --results /var/tmp/rhel6_server_stig_results.xml --report /var/tmp/rhel6_server_stig_report.html /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml