SCAP, compliance and you.
Hey guys,

Just a quick follow-up on my talk last night.

SCAP is the Security Content Automation Protocol: http://scap.nist.gov/

Various bodies make XML files that describe tests; they publish XCCDF files that have all of the "things to test".

Big database of checks here: https://web.nvd.nist.gov/view/ncp/repository

Red Hat supports this and ships with all the required open source software (RHEL 6 and 7):

- openscap
- openscap-utils
- openscap-scanner
- scap-security-guide

*For RHEL6:*

The files for STIG for RHEL6: http://iasecontent.disa.mil/stigs/zip/Oct2015/U_RedHat_6_V1R9_STIG_SCAP_1-1_...

Unzip that stuff and run:

/usr/bin/oscap xccdf eval \
    --results /var/www/html/STIG-rhsa-results-oval-before.xml \
    --report /var/www/html/STIG-rhsa-oval-report-before.html \
    /root/STIG/U_RedHat_6_V1R9_STIG_SCAP_1-1_Benchmark-xccdf.xml

*For RHEL7* it's even easier: install all the same packages, then:

/usr/bin/oscap xccdf eval \
    --results /var/www/html/ssg-rhel7-results-before.xml \
    --report /var/www/html/ssg-rhel7-report-before.html \
    --profile xccdf_org.ssgproject.content_profile_rht-ccp \
    /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml

Here is the Red Hat 7 documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...

I've attached a sample RHEL7 report (the RHEL 6 one is not as sexeh).

If you have any questions, let me know.

David
participants (1)
-
David Thornton
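
An added example, not part of the original post: the `--results` files written by the commands above carry one `rule-result` per check, so a scan taken before remediation can be compared with a later one. It assumes a second results file from a rescan exists; the rule ids and sample XML are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Drop the XML namespace so XCCDF 1.1 and 1.2 result files parse alike."""
    return tag.rsplit("}", 1)[-1]

def rule_results(xml_text):
    """Map rule id -> result (pass, fail, notchecked, ...) from an XCCDF results file."""
    out = {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "rule-result":
            continue
        out[el.get("idref")] = next(
            (c.text.strip() for c in el if _local(c.tag) == "result" and c.text),
            "unknown")
    return out

def compare(before_xml, after_xml):
    """Classify rules by how their result changed between two scans."""
    before, after = rule_results(before_xml), rule_results(after_xml)
    report = {"fixed": [], "newly_failing": [], "still_failing": []}
    for rule, now in sorted(after.items()):
        was = before.get(rule, "unknown")
        if now == "fail":
            report["still_failing" if was == "fail" else "newly_failing"].append(rule)
        elif was == "fail" and now == "pass":
            report["fixed"].append(rule)
    return report

# Constructed sample data in the shape of an oscap results file (not real scan output).
NS12 = "http://checklists.nist.gov/xccdf/1.2"

def _sample(ns, verdicts):
    rows = "".join(
        f'<rule-result idref="{rule}"><result>{verdict}</result></rule-result>'
        for rule, verdict in verdicts.items())
    return f'<Benchmark xmlns="{ns}"><TestResult id="constructed">{rows}</TestResult></Benchmark>'

BEFORE = _sample(NS12, {"rule_a": "fail", "rule_b": "fail",
                        "rule_c": "pass", "rule_d": "notchecked"})
AFTER = _sample(NS12, {"rule_a": "pass", "rule_b": "fail",
                       "rule_c": "fail", "rule_d": "notchecked"})

if __name__ == "__main__":
    # With real files, read e.g. ssg-rhel7-results-before.xml and a later results file.
    for bucket, rules in compare(BEFORE, AFTER).items():
        print(f"{bucket}: {', '.join(rules) or '-'}")
```

Rules that move into `newly_failing` are the ones to look at first, since they point to configuration drift or a remediation that broke another control.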