We're working with a government customer. We are in the process of a huge security review of all our systems using a DISA compliance scanning tool called SECSCN - we're running v6.3. They want to know if we can get HPSA to run SECSCN. Basically, SECSCN is a script that calls other scripts (shell/perl) based on OS, Organization etc. Any ideas?
Is it really just a script? Where are the other scripts located? Are they already on the servers? You can import the scripts into HPSA and then create a software policy to add them to the servers, and then you could use an audit policy to set them up to run.
It's not just a script but a suite of scripts and associated files. You run Start-SECSCN.sh, it asks a couple of questions (location for reports & organization) and based on those answers and the OS it calls all the other required scripts. When the script completes it creates a set of reports.
Where are the other scripts located?
The entire suite is contained in a tarball in /var/tmp/ on the HPSA server. Not sure if that answers your question though.
So I was able to get a SW policy to install my zip file and used the post-installation script to run the Start-SECSCN.sh script. Now all I need to do is get the resulting report tar file back to my core server. I'm thinking an OGFS script would be best but honestly don't know where to start. Any help would be greatly appreciated.
How big is your report tar file? You do not want to use OGFS to move large files. The HPSA documentation says to only use it to move files like configuration files. We have set a 2MB limit for our users. If the files aren't that big then OGFS is the way to go.