<@U78C3F952> cough <https://github.com/hubblestack...
# generalu
8p8c
03/01/2018, 12:23 AM@spookerlabs cough https://github.com/hubblestack/hubble cough (cis benchmark)
s
spookerlabs
03/01/2018, 10:44 AMBut CIS check not based on osquery right ? Just took quick look and seems it uses openscap.
s
stefanmaerz
03/01/2018, 2:06 PMyeah, for me the value propisition would be that I don't have to maintain yet another tool, instead use osquery which helps us kill two birds with one stone. openSCAP has all sorts of support for compliance profiles like CIS.
u
8p8c
03/01/2018, 3:40 PMit's not based on osquery (or openscap afaik).
from my understanding of cis benchmarks checking some of the file contents wouldn't be possible with osquery
s
stefanmaerz
03/01/2018, 4:02 PMcould augeas be used to parse out the content?
u
8p8c
03/01/2018, 5:12 PMyes it can in some cases, but what if you will hit a file what you don't have a lens for?
have you tried writing an augeas lens?
8p8c
03/01/2018, 7:40 PMin some cases it's better to check if a configuration is active, rather than what's written in a file.
x
xstevens
03/03/2018, 9:36 PMthis is a topic I'm interested in as well
5 Views