Name: security-benchmarks
Owner: U.S. General Services Administration
Description: GSA Security Benchmarks and Tools
Created: 2017-05-19 00:50:32.0
Updated: 2018-05-21 21:48:57.0
Pushed: 2018-05-21 21:48:59.0
Size: 1637
Language: Python
GitHub Committers
User | Most Recent Commit | # Commits |
---|
Other Committers
User | Most Recent Commit | # Commits |
---|
Welcome to the General Services Administration Security Benchmarks repository. Here you can find items to help implement GSA Security Benchmarks, Infrastructure As Code, and other tools for our DevSecOps work.
The GSA publishes security guides for various operating systems and applications commonly used at the agency. For more information, please refer to the published guides on insite.gsa.gov (only accessible with GSA account).
Only accessible with GSA account.
For questions or comments, please email ise-guides@gsa.gov.
The DevSecOps Example is a good starting point for understanding how all the various pieces fit together. The components are at varying levels of “completion” - see the README and open issues in the respective repository for more details. Feedback more than welcome!
Work in progress.
Recommended tools to use on every server, though you are not limited to the options this list.
Requirement | Linux | Windows — | — | — Activity monitoring | OSSEC | OSSEC Antivirus (preferred if OS is supported) | Cylance|Cylance Antivirus | ClamAV | ClamAV Hardening (to match benchmarks) | RHEL 6, RHEL 7, Ubuntu 14, Ubuntu 16 | Group Policy Settings Log forwarding | rsyslog | Snare Multi-factor auth (required for internet-facing servers) | Google Authenticator | Rohos Logon Key Vulnerability scanning | Nessus | Nessus Incident response (if OS is supported) | FireEyeHx|FireEyeHx
Work in progress.
This repository also contains code to build the base server images with all the agents etc. installed.
Set up the AWS CLI.
Install additional dependencies:
Specify a region (options).
rt AWS_DEFAULT_REGION=...
Build the AMI.
This will create AMIs with names of <operating system>-base-<timestamp>
.