Last modified on 06/14/13 22:56:11

Project Overview

The Aqueduct project provides automated changes to Red Hat Enterprise Linux based systems to meet security guidelines established by various agencies. These changes are in the form of Bash scripts and Puppet manifests. Each change is specific to the agency's auditing criteria and granular enough to allow the system owner to decide on changes at the line item level.

Supported Security Configuration Guidance

  • Center for Internet Security (CIS)
  • Defense Information Systems Agency Security Technical Implementation Guide (STIG)
  • Department of Homeland Security (DHS)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • National Industrial Security Program Operating Manual (NISPOM)
  • Payment Card Industry (PCI)
  • US Government Configuration Baselines (USGCB)

Development Status

  • Active development on released version of RHEL 5 STIG
  • RHEL 5 Bash scripts derived from beta version of RHEL 5 STIG now complete
  • Seeking contributors for other configuration guidelines

Project Objectives

  • Translate compliance requirements:

      Thou shalt not allow root access to ssh

    into automated configuration modification:

      sed -i -e 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
  • Focus on development of Bash script content and Puppet configuration manifests for RHEL 5
  • Port configuration scripts/manifests to function on RHEL 6 following finalization of RHEL 5 Aqueduct content
  • Work to identify Security Content Automation Protocol (SCAP) compliant content for future releases of security requirements from DISA
  • Work with scap-security-guide to develop step-by-step user guides for all supported configuration guidance policies
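
The sed one-liner in the first objective only matches the stock commented default (#PermitRootLogin yes); a file where the directive is already active as "yes", or missing entirely, is left unchanged. The following is an added example, not Aqueduct's own script: a check-then-fix remediation for the same requirement that covers those starting states and verifies the result. The function names and sample files are constructed, and it assumes no Match block sets the directive.

```sh
#!/bin/sh
# Added example, not Aqueduct code; function names and sample files are constructed.

# Return 0 only if the effective PermitRootLogin value is "no". sshd keeps the
# first value it reads for a keyword and matches keywords case-insensitively.
# An absent directive is treated as non-compliant.
check_root_login() {
    awk 'tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { exit !(v == "no") }' "$1"
}

# Bring the file into compliance from any starting state; safe to re-run.
fix_root_login() {
    [ -f "$1" ] || return 1
    frl_tmp=$(mktemp) || return 1
    if grep -Eiq '^[[:space:]]*#?permitrootlogin([[:space:]]|$)' "$1"; then
        # Rewrite every active directive; activate only the first commented one.
        awk 'tolower($1) == "permitrootlogin" { print "PermitRootLogin no"; seen = 1; next }
             !seen && tolower($1) == "#permitrootlogin" { print "PermitRootLogin no"; seen = 1; next }
             { print }' "$1" > "$frl_tmp"
    else
        # Directive absent: add it as the first line, ahead of any Match block.
        { echo "PermitRootLogin no"; cat "$1"; } > "$frl_tmp"
    fi
    cat "$frl_tmp" > "$1"    # overwrite in place so owner and mode are kept
    rm -f "$frl_tmp"
    check_root_login "$1"    # verify the result instead of assuming it
}

# The page's one-liner, sent to stdout so the sample file is left untouched.
page_sed() { sed -e 's/#PermitRootLogin yes/PermitRootLogin no/' "$1"; }

# Constructed inputs: stock commented default, admin-enabled, directive absent.
demo() {
    d=$(mktemp -d) || return 1
    printf '#PermitRootLogin yes\n' > "$d/stock"
    printf 'PermitRootLogin yes\n' > "$d/enabled"
    printf 'Protocol 2\n' > "$d/absent"
    for f in stock enabled absent; do
        page_sed "$d/$f" > "$d/$f.sed"
        check_root_login "$d/$f.sed" && s=pass || s=FAIL
        fix_root_login "$d/$f" && x=pass || x=FAIL
        echo "$f: page sed=$s, fix_root_login=$x"
    done
    rm -rf "$d"
}
demo
```

Running check_root_login on its own before and after a change gives an audit result that does not depend on which edit was applied.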

Site Index

Frequently Asked Questions


Getting Involved

IRC: #aqueduct on freenode.net
Mailing List: https://fedorahosted.org/mailman/listinfo/aqueduct
Bi-Weekly Call: Call
Web-based source browser: https://fedorahosted.org/aqueduct/browser
Anonymous checkout: git clone git://git.fedorahosted.org/git/aqueduct.git
Commit access: git push ssh://username@git.fedorahosted.org/git/aqueduct.git

Become A Developer
