Salt-a-Mole: Auditing & Remediation for DISA STIG Compliance

Justin McMillion & David Kleiner, Sunayu

This talk will review Sunayu’s use of SaltStack to meet the requirements of the DISA Security Technical Implementation Guide (STIG) for Red Hat-based Linux systems. In addition, we will demo the custom module ‘salt-check’ as a method for compliance and auditing. After using Salt to bring our minion into compliance with STIG 7, we will manually bring the minion out of compliance, allowing salt-check to detect the out-of-specification control, report it, fix it, and then confirm that it has been fixed. Finally, we will release a small test environment that can be downloaded from GitLab so that people can experiment with Sunayu’s open-source STIGs and salt-check.

View More from SaltConf18
