Introduction In part 1 of this series we were introduced to OpenSCAP and the process of running scans via the SCAP workbench. In part 2, we explored concepts and components that define security/vulnerability scans. In this 3rd post we are going to dive into the command line operation. Let's get started with oscap. Installing oscap In … Continue reading OpenSCAP Part 3: Running Scans from the Command Line in RHEL 7
Security
OpenSCAP Part 2: SCAP Content for RHEL 7
Introduction In part one of the OpenSCAP series we were introduced to the basic usage of the OpenSCAP toolset. In that post we learned how to run a basic scan via the scap-workbench in a desktop environment. This post will focus on the Content, Profiles, and Targets. Content All content will be installed in the … Continue reading OpenSCAP Part 2: SCAP Content for RHEL 7
OpenSCAP Part 1: Introduction and Basic Usage for RHEL 7/CentOS 7/Fedora
Introduction OpenSCAP is a standardized compliance solution for Linux. It is comprised of policies (NIST, STIG, etc.) and tooling (oscap, scap-workbench) that allow you to scan and evaluate Linux hosts in order to validate their compliance with industry defined standards. In addition to providing industry standard compliance rules, OpenSCAP also allows administrators to create custom … Continue reading OpenSCAP Part 1: Introduction and Basic Usage for RHEL 7/CentOS 7/Fedora
RHEL 7 Two-Factor SSH Via Google Authenticator
In this post, I am going to walk you through the process of installing and configuring two-factor SSH authentication via Google Authenticator. My base system is running a fresh install of RHEL 7.2. Installation Steps The first step on my system was to install autoreconf, automake, and libtool. These packages are required by the bootstrap.sh script that … Continue reading RHEL 7 Two-Factor SSH Via Google Authenticator
RHEL6: Cool PAM Tricks – Logging Terminal Keystrokes
This is a neat and very useful trick that I learned today. Let's say that you want to be able to monitor and log all keystrokes that are typed as root. This is particularly useful as normally you can only log when a user uses sudo to run a command. If the user has the ability to become root however, then they have effectively eluded your attempts to track their activity. Like Thomas Magnum shaking a tail, they are free to scoot around your island with the top down.
RHEL6: Composing Custom Auditd Rules for Fun and Profit
Auditd gives you the ability to write your own custom audit rules. This functionality allows an administrator to keep a close eye on system calls, file access, and user behavior. This added functionality is especially useful in environments that are required to adhere to compliance standards that are above and beyond normal standards. Think PCI.
Mastering Auditd: A Guide to Linux Auditing
Auditd is the userland piece of the RHEL audit tool suite. When it's up and running, audit messages sent by the kernel will be sent to log files that you have configured. By default, only a small and limited number of messages will be picked up by Auditd; these are mostly messages related to authentication and authorization.