
8p8c

03/01/2018, 12:23 AM
@spookerlabs cough https://github.com/hubblestack/hubble cough (cis benchmark)

spookerlabs

03/01/2018, 10:44 AM
But the CIS check is not based on osquery, right? Just took a quick look and it seems it uses openscap.

stefanmaerz

03/01/2018, 2:06 PM
yeah, for me the value proposition would be that I don't have to maintain yet another tool, instead use osquery which helps us kill two birds with one stone. openSCAP has all sorts of support for compliance profiles like CIS.

8p8c

03/01/2018, 3:40 PM
it's not based on osquery (or openscap afaik). from my understanding of cis benchmarks checking some of the file contents wouldn't be possible with osquery

stefanmaerz

03/01/2018, 4:02 PM
could augeas be used to parse out the content?

8p8c

03/01/2018, 5:12 PM
yes it can in some cases, but what if you hit a file that you don't have a lens for? have you tried writing an augeas lens?
in some cases it's better to check if a configuration is active, rather than what's written in a file.

xstevens

03/03/2018, 9:36 PM
this is a topic I'm interested in as well