Re: Compiled list (STIG for Debian)
On 3/2/22 10:54, Jeremiah C. Foster wrote:
Cannot speak for it's provenance, but there's this; https://github.com/hardenedlinux/STIG-4-Debian
Jeremiah,
Thanks, that actually looks like more of an SRR (System Readiness Review[0]) evaluation checker for applicable STIGs.
As it states, it uses the RHEL7 STIG as a baseline for the tests.
While old (2017), it might still prove useful if it can identify CAT I issues quickly with few false negatives as a *starting point*
--stephen
[0] i think DISA stopped making these scripts due to the burden of keeping them upto date. 3rd parties now do that for $$$$
Reply to: