OpenSCAP ‐ CIS Benchmark DISA STIG scan results and remediation - mluchettii/github-wiki-mluchetti GitHub Wiki

Fedora Server CIS Benchmark scan results

This is the output of the scan as it happened in real time.

Final scan results presented in the form of an HTML document.

Here are some controls that need to be fixed. Let's view 'Set Password Maximum Age'.

Clicking on a rule opens this window showing us more details about the rule, such as the description and severity level. At the bottom, we can click on a green box that provides us with a remediation shell script.

Fedora Server remediation

Set Password Maximum Age

Copy the shell script into a .sh file and grant it executable permission with sudo chmod +x <remediation-script>.sh. Then run the script in the terminal with sudo ./<remediation-script>.sh.

After scanning again, we can confirm that the check for 'Set Password Maximum Age' was a pass and that the remediation script was successful.
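A local check to run alongside the rescan, added here as an example and not part of the original wiki page or the OpenSCAP report. It confirms that a login.defs-style file carries a PASS_MAX_DAYS entry within the limit, and lists existing accounts whose own max-age field is still above it. The 365-day limit, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. LIMIT is an assumed policy value; take the real one from
# the rule details shown in your scan report.
LIMIT=365

# Effective PASS_MAX_DAYS in a login.defs-style file
# (this sketch takes the last uncommented entry).
login_defs_max_days() {
    awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { if (v == "") exit 1; print v }' "$1"
}

# Succeeds when the file sets PASS_MAX_DAYS to a number between 1 and the limit.
check_login_defs() {
    days=$(login_defs_max_days "$1") || return 1
    case $days in *[!0-9]*) return 1 ;; esac
    [ "$days" -ge 1 ] && [ "$days" -le "$2" ]
}

# Accounts with a usable password whose max-age field (5th in shadow) is
# empty or above the limit. login.defs is only applied when an account is
# created, so these need `chage -M <days> <user>` in addition to the script.
stale_accounts() {
    awk -F: -v max="$2" '
        $2 == "" || $2 ~ /^[!*]/ { next }
        $5 == "" || $5 + 0 > max { print $1 }' "$1"
}

# Constructed sample files standing in for /etc/login.defs and /etc/shadow.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '#PASS_MAX_DAYS 30' 'PASS_MAX_DAYS   99999' > "$dir/before.defs"
    printf '%s\n' '#PASS_MAX_DAYS 30' 'PASS_MAX_DAYS   365' > "$dir/after.defs"
    printf '%s\n' \
        'root:$6$constructed$hash:19700:0:99999:7:::' \
        'alice:$6$constructed$hash:19700:0:90:7:::' \
        'daemon:*:19700:0:99999:7:::' > "$dir/shadow"
    for f in before after; do
        if check_login_defs "$dir/$f.defs" "$LIMIT"; then r=pass; else r=fail; fi
        echo "$f: PASS_MAX_DAYS=$(login_defs_max_days "$dir/$f.defs") -> $r"
    done
    echo "accounts still above $LIMIT days: $(stale_accounts "$dir/shadow" "$LIMIT" | tr '\n' ' ')"
    rm -rf "$dir"
}
demo
```

On a real host, point check_login_defs at /etc/login.defs and run stale_accounts against /etc/shadow with root privileges.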

Mozilla Firefox DISA STIG scan results

Initial results before remediation (1/2)

Initial results before remediation (2/2)

Mozilla Firefox remediation

Disable Firefox deprecated ciphers

Rule information and remediation script

After running the script and rerunning the scan, we get a pass for the control check.