search

ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/
Other
2.18k stars 694 forks source link

Support for Ubuntu 24.04 Noble #12489

Open rossigee opened 1 week ago

rossigee commented 1 week ago

Description of problem:

Trying to understand why the 'ssg-debderived' package contains configurations up to 22.04, but not for 24.04 (a.k.a. Noble), even though it's been out for six months or so now.

Does nobody harden their Noble servers?!

SCAP Security Guide Version:

N/A

Operating System Version:

Ubuntu 24.04

Steps to Reproduce:

  1. Install ssg-debderived package on Ubuntu 24.04.
  2. Try to find appropriate SSG to scan the machine. Find only versions for 22.04.
  3. Try fruitlessly to run 22.04 versions on 24.04.
  4. Scratch head. Wonder why there are no 24.04 configurations to be found anywhere, even on Google.

Actual Results:

Unable to scan machine.

Expected Results:

Something like this should just work...

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level2_server --fetch-remote-resources --results before-hardening-results.xml --results-arf before-hardening-arf-results.xml --report before-hardening-report.html /usr/share/xml/scap/ssg/content/ssg-ubuntu2404-xccdf.xml

Additional Information/Debugging Steps:

N/A

dodys commented 1 day ago

The first benchmark for 24.04 was CIS which only came late in August and so far no one contributed it. Also if you are installing ssg-debderived through apt, it wouldn't include a profile for 24.04 as the development cycle of a release does not match benchmarks timeline anyway.

DISA STIG for 24.04 will probably only come late next year.