Open rossigee opened 1 month ago
dodys
commented
1 month ago The first benchmark for 24.04 was CIS which only came late in August and so far no one contributed it. Also if you are installing ssg-debderived through apt, it wouldn't include a profile for 24.04 as the development cycle of a release does not match benchmarks timeline anyway.
DISA STIG for 24.04 will probably only come late next year.
rossigee
commented
1 week ago Given that 24.04 is more-or-less just an updated 22.04, I would expect 90% of the rules to 'just work'. I was hoping I could at least run the 22.04 rules against my 24.04 install provide at least a certain level of coverage.
so far no one contributed it
How would one contribute it? Is there hoops to jump through, or is it really just a case of taking the 22.04 rules, replacing '22' with '24' and starting with that?
dodys
commented
1 week ago How would one contribute it? Is there hoops to jump through, or is it really just a case of taking the 22.04 rules, replacing '22' with '24' and starting with that?
Just doing that creates more noise than helps. The right way is to evaluate the benchmarks, make a comparison and from there start building the 2404 profile. @mpurg already started it, the profile should be ready in a few months, depending on testing results
Description of problem:
Trying to understand why the 'ssg-debderived' package contains configurations up to 22.04, but not for 24.04 (a.k.a. Noble), even though it's been out for six months or so now.
Does nobody harden their Noble servers?!
SCAP Security Guide Version:
N/A
Operating System Version:
Ubuntu 24.04
Steps to Reproduce:
ssg-debderivedpackage on Ubuntu 24.04.Actual Results:
Unable to scan machine.
Expected Results:
Something like this should just work...
Additional Information/Debugging Steps:
N/A