Automate DISA STIG controls for RHEL/CentOS? I am deploying systems that must be configured using the Red Hat 6 (v1r2) Security Technical Implementation Guide(STIG) published by the Defense Information Systems Agency (DISA). Link to site. I've started developing a Kickstart file to automate many of these settings based on other KS files I've found via Google. Does anyone have any advice, additional tools, or other resources that will help? I do not _need_ to use Kickstart, it just seemed like the easiest way to get started. I'm looking for any resources: playbooks for Ansible, basic shell scripts, etc.

I have some scripts that are probably still "beta" from a project on GitHub by the RedHatGov organization (Red Hat, Inc. government sector employees).

<

While their project is not complete, nor universally applicable, it is a great start and I plan on forking, contributing, and requesting pulls for the projects.

Frank Cavvigia of Red Hat has also made this script publicly available (by forking the code from other projects such as Aqueduct), which will modify a RHEL 6.4 .iso with many settings and requirements for DISA STIG compliance. This creates a new .ISO you can burn and use to install a system with many compliant options from the get-go.

<

I have tested this script, with minor modifications, on CentOS 6.5 and it has been somewhat successful. Someday when I get it cleaned up I will document and share my findings/changes.