| polarpinguin | ansible-hardening for Ubuntu 20.04 help? Best path to script? | 18:26 |
|---|---|---|
| polarpinguin | DISA STIG specific | 18:26 |
| sarnold | polarpinguin: seen this? https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux | 18:28 |
| polarpinguin | Yes I have the STIG but trying to automate the STIG tasks to systems. | 18:29 |
| polarpinguin | was looking at https://github.com/openstack/ansible-hardening | 18:30 |
| polarpinguin | anybody used this? | 18:31 |
| polarpinguin | for 20.04? | 18:31 |
| cipherboy | polarpinguin: \o greetings :) | 18:46 |
| cipherboy | polarpinguin: We're actively working on STIG automation; it'll be a paid offering similar to our present CIS offering (see https://security-certs.docs.ubuntu.com/en/cis and https://ubuntu.com/security/certifications). | 18:47 |
| cipherboy | polarpinguin: That said, we're basing our STIG automation around the github.com/ComplianceAsCode/content project and are actively contributing there (see for instance, https://github.com/ComplianceAsCode/content/pull/7220). | 18:48 |
| ubottu | Pull 7220 in ComplianceAsCode/content "Add initial Ubuntu 20.04 STIG Profile" [Open] | 18:48 |
| cipherboy | polarpinguin: This is an upstream, community effort and not everything that ends up in our paid offering will land upstream... but you're more than welcome to contribute there if the (future) paid offering isn't of interest to you. The CaC project mostly hang out on #openscap here on Libera. | 18:49 |
| polarpinguin | cipherboy: Thank you very much for the info | 18:54 |
| cipherboy | polarpinguin: I guess I should also say that Red Hat has contributed a lot of Ansible tooling to CaC but Canonical mostly focuses on Bash... so Ansible+Ubuntu content will certainly be welcomed by the upstream community. | 18:58 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!