compliance as code audit CCE-XXXXX-X NIST-800-XX-XX-XX PCI-DSS-Req-X.X.X CJIS-X.X.X

githubfoam/CJIS_sandbox

CJIS_sandbox

fedora-31

[vagrant@srvstack-01 ~]$ sudo ansible-galaxy install RedHatOfficial.rhel8_cjis
[vagrant@srvstack-01 ~]$ sudo ansible-playbook -i "localhost," -c local --check /vagrant/playbook.yml

TASK [RedHatOfficial.rhel8_cjis : Read signatures in GPG key] *******************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "set -o pipefail\ngpg --show-keys --with-fingerprint --with-colons \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release\" | grep -A1 \"^pub\" | grep \"^fpr\" | cut -d \":\" -f 10\n", "delta": "0:00:00.322988", "end": "2020-02-17 14:59:02.788414", "msg": "non-zero return code", "rc": 1, "start": "2020-02-17 14:59:02.465426", "stderr": "gpg: directory '/root/.gnupg' created\ngpg: keybox '/root/.gnupg/pubring.kbx' created\ngpg: can't open '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release': No such file or directory", "stderr_lines": ["gpg: directory '/root/.gnupg' created", "gpg: keybox '/root/.gnupg/pubring.kbx' created", "gpg: can't open '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release': No such file or directory"], "stdout": "", "stdout_lines": []}

PLAY RECAP **********************************************************************************************************************************************************************************
localhost                  : ok=23   changed=11   unreachable=0    failed=1    skipped=2    rescued=0    ignored=0

centos-8.0

sudo required

[vagrant@srvstack-02 ~]$ sudo ansible-galaxy install RedHatOfficial.rhel8_cjis
[vagrant@srvstack-02 ~]$ sudo ansible-playbook -i "localhost," -c local --check /vagrant/playbook.yml

TASK [RedHatOfficial.rhel8_cjis : Read signatures in GPG key] *******************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "cmd": "set -o pipefail\ngpg --show-keys --with-fingerprint --with-colons \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release\" | grep -A1 \"^pub\" | grep \"^fpr\" | cut -d \":\" -f 10\n", "delta": "0:00:00.074890", "end": "2020-02-17 14:42:27.320111", "msg": "non-zero return code", "rc": 1, "start": "2020-02-17 14:42:27.245221", "stderr": "gpg: directory '/root/.gnupg' created\ngpg: keybox '/root/.gnupg/pubring.kbx' created\ngpg: can't open '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release': No such file or directory", "stderr_lines": ["gpg: directory '/root/.gnupg' created", "gpg: keybox '/root/.gnupg/pubring.kbx' created", "gpg: can't open '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release': No such file or directory"], "stdout": "", "stdout_lines": []}

PLAY RECAP **********************************************************************************************************************************************************************************
localhost                  : ok=22   changed=13   unreachable=0    failed=1    skipped=3    rescued=0    ignored=0


Criminal Justice Information Services (CJIS) Security Policy
https://github.com/RedHatOfficial/ansible-role-rhel8-cjis

CCE-80872-5
CCE-80872-5 	Enable auditd Service
http://people.redhat.com/swells/table-rhel8-cces.html

Guide to the Secure Configuration of Red Hat Enterprise Linux 8
http://static.open-scap.org/ssg-guides/ssg-rhel8-guide-cui.html

 NIST-800-53-AC-2(g)
 g. Monitors the use of information system accounts;
 https://nvd.nist.gov/800-53/Rev4/control/AC-2

 NIST-800-53-AU-3
 AU-3 CONTENT OF AUDIT RECORDS
 https://nvd.nist.gov/800-53/Rev4/control/AU-3#enhancement-1

 PCI-DSS-Req-10.2.2
 10.2.2 All actions taken by any individual with root or administrative privileges.
 http://pcidsscompliance.net/pci-dss-requirements/how-to-comply-to-requirement-10-of-pci-dss/

 CJIS Security Policy Resource Center
 https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center

