Nice to see CIS in the profiles. When I was trying to use OpenSCAP a few years ago, all it had was STIG, which didn't help me for work requirements. This can streamline builds a lot.
Thanks for watching, and the feedback! This is probably not a good match for Into the Terminal since we focus on Linux skills with some RHEL content. However, maybe one of the other Red Hat Enterprise Linux channel shows may be a better fit. Eric and Richard just wrapped up a series on Satellite (scap scanning was not included in the series). We also have Red Hat Enterprise Linux Presents… which tends to cover Red Hat specific technologies in more depth. If you’ve not seen these other shows, you might check out a couple of episodes!
Nice info on this episode, thanks! would be great to see a rundown on tailoring files and how we can create our own custom baseline profile and be able to enforce that when applicable. For example create a baseline based on CIS but alter some controls such as use different password policy requirements. How do we then scan and remediate using that profile. Also show how to automate reporting of custom policy on satellite environment. Thanks
@@RedHatEnterpriseLinux And, you know, to be fair... We create the notes so we can make sure we get some of these longer commands right on stream without you all watching us work through them live.
Get Started with Red Hat Enterprise Linux: developers.redhat.com/register
Try it for yourself: redhat.com/interactive-labs
Nice to see CIS in the profiles. When I was trying to use OpenSCAP a few years ago, all it had was STIG, which didn't help me for work requirements. This can streamline builds a lot.
Would like to see how this can be used to scan containers.
www.redhat.com/en/blog/container-vulnerabilities-openscap
great tutorial 👍🏼.
Can you make video how to integrate cis benchmarks with satellite?
Great idea! We'll add it to our backlog.
Thanks for watching, and the feedback!
This is probably not a good match for Into the Terminal since we focus on Linux skills with some RHEL content.
However, maybe one of the other Red Hat Enterprise Linux channel shows may be a better fit. Eric and Richard just wrapped up a series on Satellite (scap scanning was not included in the series). We also have Red Hat Enterprise Linux Presents… which tends to cover Red Hat specific technologies in more depth. If you’ve not seen these other shows, you might check out a couple of episodes!
Nice topic, just because some organizations do not accept without a audit performed. So be compliance is everthing. Thk Rui
Nice info on this episode, thanks! would be great to see a rundown on tailoring files and how we can create our own custom baseline profile and be able to enforce that when applicable. For example create a baseline based on CIS but alter some controls such as use different password policy requirements. How do we then scan and remediate using that profile. Also show how to automate reporting of custom policy on satellite environment. Thanks
Heh, even the RHEL pro's need notes to manage RHEL. It's not just me!
For sure! With as huge as technology is, its not about what you know, but do you know where to find the information you need.
@@RedHatEnterpriseLinux And, you know, to be fair... We create the notes so we can make sure we get some of these longer commands right on stream without you all watching us work through them live.