Title
#general
8p8c

8p8c

03/01/2018, 12:23 AM
@spookerlabs cough https://github.com/hubblestack/hubble cough (cis benchmark)
spookerlabs

spookerlabs

03/01/2018, 10:44 AM
But CIS check not based on osquery right ? Just took quick look and seems it uses openscap.
stefanmaerz

stefanmaerz

03/01/2018, 2:06 PM
yeah, for me the value propisition would be that I don't have to maintain yet another tool, instead use osquery which helps us kill two birds with one stone. openSCAP has all sorts of support for compliance profiles like CIS.
8p8c

8p8c

03/01/2018, 3:40 PM
it's not based on osquery (or openscap afaik). from my understanding of cis benchmarks checking some of the file contents wouldn't be possible with osquery
stefanmaerz

stefanmaerz

03/01/2018, 4:02 PM
could augeas be used to parse out the content?
8p8c

8p8c

03/01/2018, 5:12 PM
yes it can in some cases, but what if you will hit a file what you don't have a lens for? have you tried writing an augeas lens?
7:40 PM
in some cases it's better to check if a configuration is active, rather than what's written in a file.
x

xstevens

03/03/2018, 9:36 PM
this is a topic I'm interested in as well