[ale] Security Template (STIG) Scripts for RHEL on github

[glallen01 at gmail.com (George Allen)]

FYI, re-post from the gov-sec at redhat list:

> https://github.com/SimonTek/stigs
> I wrote these I while ago, I have had them on my server for a few
> years, finally moved them to my github account. Primarily for RHEL 6
> machines, and ESXI 5 servers. I am working on RHEL 7 scripts. Please
> read through the scripts before you run them. For instance, all the
> ESXi scripts will lock the machine down, to the point you may have to
> re-install. Similar to the old gold disc.

Would you be interested in merging your changes (especially the
evolving RHEL7 scripts!) into the STIG directly? Working with DISA and
NSA, we've put everything on GitHub:

https://github.com/openscap/scap-security-guide

Essentially, one language (OVAL) performs the pass/fail check on the
system. The workflow embeds a bash script into the results which can
be executed by a system administrator to remediate their box. Those
bash scripts are located here:

https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/input/fixes/bash

The GitHub project serves as the upstream of the DoD STIG, and also
the scap-security-guide package delivered in RHEL6.

While a bit dated, this sample report gives you an idea of things:
http://people.redhat.com/swells/ssg-results/report.html#ruleresult-idp26062848

Our ultimate goal is to align scanning with remediation, allowing a
single workflow between the processes. Now shipping in RHEL6, this
also means systems can be configured as STIG/NSA/CIA/NRO/etc compliant
out of the box.