Which approved list? This has been an issue for us which has kept us from deploying this tool across all of our servers. I'm hoping it will show up on the DoD/USAF list soon!

I should be on there. It was DOD approved a few months back. I dont want to go into the lists or branches to much on this forum though.

DoD Bastille
 

I realize this thread is over 4 years old, but this is one of the top results when searching for Linux STIGs. While nothing that I've found operates on a Debian-based system, there are some tools to configure a RHEL system and its derivatives like CentOS.

The closest thing I've found to what you're proposing in this thread (other than Security Blanket) is DoD Bastille which is an open source, rewritten version of Bastille Linux to configure a server to be in compliance with DISA STIGs.

You can find DoD Bastille on Forge.mil (the DISA version of SourceForge.net for DoD open source projects). You'll need to login with a DoD issued CAC card.
Here is the direct link to the DoD Bastille page: https://software.forge.mil/sf/projects/dodbastile

From what I can tell, it doesn't look like much has changed since Feb 2011, but it looks like a very promising solution if it can maintain active development.

k3vmcd,

Thanks for the info. That project is actually dead. We moved that project out into the open source community, renamed it, and actually started heavily development.

R/

Vince

Awesome! What's the new project name? I've been searching for something like this for several months now.

Aqueduct.

https://fedorahosted.org/aqueduct/

I know that it has been ~5 years since this thread was last updated, but this website is now deprecated as of 1 March 2017.

To continue the original thread, does anyone have any scripts for Red Hat 7 STIG applications?

Respectfully,
Ross Lee Richard