Grate introduction video ! I wonder if this is limited to this version of Ubuntu image (Ubuntu Pro) or if we can have this solution in all ubuntu servers.
On Dell XPS 15 9530, after enabling fips-updates and running the fix it breaks the GUI on reboot. End up with a blinking cursor on a black screen. Have to ctrl+alt+f2-6 to get to CLI. Can only startx as root. Think it has to do with integrated+add on graphics but I'm completely stumped on how to fix it.
Carlos, I have been trying to resolve one of the rules for months. The customer is requiring a password for single user mode. Every time I set a password the server no longer boots. I have tried using the EC2 Serial console which is available before I set the password, but not after. Do you have any ideas?
That is why you can also create a tailoring file and specify which of the remediations you need to apply to meet your requirements. You are likely to blow up a few servers before you get things right, but it is definitely faster than sitting with the DISA STIG manual and applying each fix one at a time and still likely making a few bricks before you get it right.
Thanks bro, you just save me days of work doing this manually !!!
Grate introduction video ! I wonder if this is limited to this version of Ubuntu image (Ubuntu Pro) or if we can have this solution in all ubuntu servers.
Hi. This tool (usg) is part of the Ubuntu Pro features. Also DISA-STIG requires your server to be running on FIPS mode, which is another Pro feature.
On Dell XPS 15 9530, after enabling fips-updates and running the fix it breaks the GUI on reboot. End up with a blinking cursor on a black screen. Have to ctrl+alt+f2-6 to get to CLI. Can only startx as root. Think it has to do with integrated+add on graphics but I'm completely stumped on how to fix it.
Carlos, I have been trying to resolve one of the rules for months. The customer is requiring a password for single user mode. Every time I set a password the server no longer boots. I have tried using the EC2 Serial console which is available before I set the password, but not after. Do you have any ideas?
can I run this same commands on rhel 7?
this is not hardening this is gambling with the likely result of destroying
That is why you can also create a tailoring file and specify which of the remediations you need to apply to meet your requirements. You are likely to blow up a few servers before you get things right, but it is definitely faster than sitting with the DISA STIG manual and applying each fix one at a time and still likely making a few bricks before you get it right.