PDA

View Full Version : SLES 12 STIG / SCAP files for SUSE 11/12



jenewton
20-May-2016, 20:54
Hi - apparently there is some amount of vendor support for SLES 11, and I hear 12 is coming - for STIG / SCAPs. These define sets of tests to run against the OS for configuration mainly to asses security of the system. This is implemented through XCCDF and OVAL xml files.

Here are a few examples:
SLES11 for System Z: https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=407 (not that this is an incomplete fileset, seems to be missing DPMS_XCCDF_Benchmark_SuSe zLinux.xml). I've emailed the point of contact about this, and they said it's coming from the vendor and they don't know anything otherwise.

RHEL6: https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=438

RHEL7 is going under draft and mainly being worked on here: https://github.com/OpenSCAP/scap-security-guide

I'm wondering if anyone at Novel is in the know on these files or if it's something that slipped by the wayside. They're basically a requirement for DoD usage of SUSE.

jenewton
20-May-2016, 20:58
Btw, the oval files implement different checks, e.g. not wrt CVEs as the files here: http://ftp.suse.com/pub/projects/security/oval/

jmozdzen
23-May-2016, 14:55
Hi jenewton,


Hi - apparently there is some amount of vendor support for SLES 11, and I hear 12 is coming - for STIG / SCAPs. These define sets of tests to run against the OS for configuration mainly to asses security of the system. This is implemented through XCCDF and OVAL xml files.

Here are a few examples:
SLES11 for System Z: https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=407 (not that this is an incomplete fileset, seems to be missing DPMS_XCCDF_Benchmark_SuSe zLinux.xml). I've emailed the point of contact about this, and they said it's coming from the vendor and they don't know anything otherwise.

RHEL6: https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=438

RHEL7 is going under draft and mainly being worked on here: https://github.com/OpenSCAP/scap-security-guide

I'm wondering if anyone at Novel is in the know on these files or if it's something that slipped by the wayside. They're basically a requirement for DoD usage of SUSE.

I'm not sure what you're looking for - if it's an official SUSE position on the issue, asking in the forums isn't the most effective way to go: These forums are "peer-to-peer" support from fellow SLES users.

Regards,
J.