Hi All,
I recall recently someone had asked about SSG for Ubuntu, and there was a long thread following about the STIG process. I was surprised today when someone asked me if I could look at the Ubuntu STIG because just last week I had been on the STIG website and no such thing had existed.
Anyway, https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx has Ubuntu 16.04 STIG v1r1 available. Will there be any work in the SSG project to incorporate this?
P.S. I wonder how Canonical got a STIG published with out going through any draft releases and less than 18 months after the OS version was published?
--Sean
On 9/21/17 2:56 PM, Sean wrote:
Hi All,
I recall recently someone had asked about SSG for Ubuntu, and there was a long thread following about the STIG process. I was surprised today when someone asked me if I could look at the Ubuntu STIG because just last week I had been on the STIG website and no such thing had existed.
Anyway, https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx has Ubuntu 16.04 STIG v1r1 available. Will there be any work in the SSG project to incorporate this?
Patches to align the content would be most welcome! Given the Ubuntu STIG was only released a few days ago, many might still be digesting it.
P.S. I wonder how Canonical got a STIG published with out going through any draft releases and less than 18 months after the OS version was published?
Wagering the RHEL content laid the foundation, they just had to update it for apt vs yum and other Ubuntu-specific changes. Do a find on "Red Hat" in DISA's Ubuntu content ;) They missed a few find+replace sections.
It says V1R1, but portions of it are still very draft-like:
"Install the Ubuntu operating system patches or updated packages available from Red Hat within 30 days or sooner as local policy dictates."
Help, I can't find the unstable yum repo!
-- Paul Arnold, CISSP Cole Engineering Services, Inc.
________________________________ From: Sean [smalder73@gmail.com] Sent: Thursday, September 21, 2017 02:56 PM To: SCAP Security Guide Subject: [Non-DoD Source] DISA STIG for Ubuntu Released...
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
________________________________
Hi All,
I recall recently someone had asked about SSG for Ubuntu, and there was a long thread following about the STIG process. I was surprised today when someone asked me if I could look at the Ubuntu STIG because just last week I had been on the STIG website and no such thing had existed.
Anyway, Caution-https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx < Caution-https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx > has Ubuntu 16.04 STIG v1r1 available. Will there be any work in the SSG project to incorporate this?
P.S. I wonder how Canonical got a STIG published with out going through any draft releases and less than 18 months after the OS version was published?
--Sean
Maybe they thought they were writing a fedora STIG? ;-)
Sent from my iPhone
On Sep 22, 2017, at 8:12 AM, Arnold, Paul C CTR USARMY PEO STRI (US) <paul.c.arnold4.ctr@mail.milmailto:paul.c.arnold4.ctr@mail.mil> wrote:
It says V1R1, but portions of it are still very draft-like:
"Install the Ubuntu operating system patches or updated packages available from Red Hat within 30 days or sooner as local policy dictates."
Help, I can't find the unstable yum repo!
-- Paul Arnold, CISSP Cole Engineering Services, Inc.
________________________________ From: Sean [smalder73@gmail.commailto:smalder73@gmail.com] Sent: Thursday, September 21, 2017 02:56 PM To: SCAP Security Guide Subject: [Non-DoD Source] DISA STIG for Ubuntu Released...
All active links contained in this email were disabled. Please verify the identity of the sender, and confirm the authenticity of all links contained within the message prior to copying and pasting the address to a Web browser.
________________________________
Hi All,
I recall recently someone had asked about SSG for Ubuntu, and there was a long thread following about the STIG process. I was surprised today when someone asked me if I could look at the Ubuntu STIG because just last week I had been on the STIG website and no such thing had existed.
Anyway, Caution-https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx < Caution-https://iase.disa.mil/stigs/os/unix-linux/Pages/index.aspx > has Ubuntu 16.04 STIG v1r1 available. Will there be any work in the SSG project to incorporate this?
P.S. I wonder how Canonical got a STIG published with out going through any draft releases and less than 18 months after the OS version was published?
--Sean _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.orgmailto:scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.orgmailto:scap-security-guide-leave@lists.fedorahosted.org
scap-security-guide@lists.fedorahosted.org