U.S. Gov Configuration Baseline for Red Hat Enterprise Linux

Tuesday, March 01, 2011

Jamie Adams


On February 28, 2011, the U.S. Government Configuration Baseline (USGCB) for Red Hat Enterprise Linux 5 was released.

The long awaited Security Content Automation Protocol (SCAP) content is the next phase in supplanting the legacy Bourne shell scripts collectively known as the System Readiness Review (SRR) scripts.

In 2010, the USGCB replaced the Federal Desktop Core Configuration (FDCC) which has always been associated with Microsoft® software. The USGCB initiative is to create security configuration baselines for Information Technology products widely deployed across the federal agencies.

In my previous post, “DISA UNIX STIG for Red Hat Enterprise Linux 5 and 6” I discussed the release of the “OS SRG (UNIX), Version 1.1” on February 2, 2011. The download included only benchmark documents in the XCCDF format.

On February 28, 2011, in an email to Red Hat’s gov-sec mailing list, Steve Grubb announced the availability of the alpha release of the USGCB content for Red Hat Enterprise Linux 5. He also had this to say about the project:

“The project took a long time, required getting involved in standards committees to update OVAL to understand modern Linux security mechanisms, plus lots of work from people that do content authoring and system testing. The project is looking for feedback via the official NIST channels (not this email list). Somewhere in the downloads should be some info on that.”


This release has only been tested on Red Hat Enterprise Linux Desktop 5 so, if you’ve got the time, test some Red Hat installations and provide some feedback.

I want to commend the committee and the contributors because I know it was a long and laborious process. There are still lots of challenges ahead so community involvement will certainly help mature the baselines much quicker.

I for one plan on downloading the latest version of OpenSCAP and performing some tests. I will be sharing my procedures, experiences, and test results in an upcoming blog post.

Cross posted from Security Blanket Technical Blog

Possibly Related Articles:
Operating Systems
Operating Systems Linux STIG OpenSCAP USGCB FDCC
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.