This project is only approved for material that is completely releasable to the public.
Please do not upload material that has not been approved for public release.
For those out there that just want the goods, the actual code for the SIMP project is hosted under the SIMP GitHub Organization.
If you're using a new system such as a blank VM or a bare metal system, you will want to follow the instructions for building an ISO.
If you are looking to use the SIMP materials on an existing system, instructions are available on the SIMP Confluence.
Product documentation is housed at ReadTheDocs.org.
NOTE Release artifacts are all hosted on Bintray
-
- Red Hat Enterprise Linux
- 7.1 (download)
- CentOS
- 7.1-1503-01 (download)
- Red Hat Enterprise Linux
-
- Red Hat Enterprise Linux
- 6.7 (download)
- CentOS
- 6.7 (download)
- Red Hat Enterprise Linux
SIMP is a framework that provides a flexible combination of security compliance and operational automation.
The goal of the project is to provide a complete management environment focused on compliance with the various profiles in the SCAP Security Guide Project and industry best practice.
Though it is fully capable out of the box, the intent of SIMP is to be molded to your target environment in such a way that deviations are easily identifiable to both Operations Teams and Security Officers.
At this time, there are no commercial requirements for the use of SIMP outside of the purchase of Red Hat Enterprise Linux licenses as applicable.
This Work is provided "as is." Any express or implied warranties, including but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the United States Government be liable for any direct, indirect, incidental, special, exemplary or consequential damages (including, but not limited to, procurement of substitute goods or services, loss of use, data or profits, or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this Guidance, even if advised of the possibility of such damage.
The User of this Work agrees to hold harmless and indemnify the United States Government, its agents, and employees from every claim or liability (whether in tort or in contract), including attorneys' fees, court costs, and expenses, arising in direct consequence of Recipient's use of the item, including, but not limited to, claims or liabilities made for injury to or death of personnel of User or third parties, damage to or destruction of property of User or third parties, and infringement or other violations of intellectual property or technical data rights.
Nothing in this Work is intended to constitute an endorsement, explicit or implied, by the US Government of any particular manufacturer's product or service.
SIMP uses Puppet to manage and maintain the configuration of the various component systems.
Though there are many possible configurations, out of the box SIMP provides:
- Management
- Puppet Server
- PuppetDB
- MCollective
- Authentication
- OpenLDAP
- Kickstart/Update
- YUM
- DNS
- DHCP
- TFTP
All materials are copyright their respective owners unless otherwise noted.
Per Section 105 of the Copyright Act of 1976, these works are not entitled to domestic copyright protection under US Federal law.
The US Government retains the right to pursue copyright protections outside of the United States.
The United States Government has unlimited rights in this software and all derivatives thereof, pursuant to the contracts under which it was developed and the License under which it falls.
Released under the Apache License, Version 2.
- Feel free to sign up for an account here to file bugs, help track issues, or vote for your favorite feature.
- We suggest using the Agile board view to see what we're currently working on.
- It is highly suggested that you either use a non-primary e-mail for this or that you use an e-mail modifier such as (+simp).
- When signing up for a new account, use simp-project as the team name.
The SIMP Project is using GerritHub for code review activities.
- Open Changes
- Fully Reviewed Changes
- Failing Changes
- Open Mergeable Changes
- Pending Changes
- Submitted Changes
- Merged Changes
- simp : A QA Board for the general community.
- simp-users : A place for users of SIMP to ask questions, get help, and be part of the community.
- simp-dev : This list is for the development community interested in extending or contributing to the platform.
- simp-announce : Announcements for new versions and security events.
- simp-security : A place to file security related issues that will only be seen by the SIMP team.
Prior to joining a mailing list, please review our Community Code of Conduct.
Please see CONTRIBUTING for information on how to contribute to this project.
Last, but not least, this is the list of all SIMP component modules as hosted under the SIMP project space.
SIMP will be distributing RPMs via BinTray as we move forward.
Please make sure that the RPMs are properly signed with the GPG key listed below.
All officially released RPMs are signed with the SIMP Release Key
- ID: 7DA6F216
- Fingerprint: 103B 439D ADF4 AE61 FA69 98AF EE8C 77AF 7DA6 F216
The project has its own module skeleton for quickly getting up and running with the expected layout and testing framework for SIMP modules.
- pupmod-simp-acpid
- pupmod-simp-activemq
- pupmod-simp-aide
- pupmod-simp-apache
- pupmod-simp-auditd
- pupmod-simp-autofs
- pupmod-simp-backuppc
- pupmod-simp-cgroups
- pupmod-simp-clamav
- pupmod-simp-concat
- pupmod-simp-dhcp
- pupmod-simp-freeradius
- pupmod-simp-ganglia
- pupmod-simp-gfs2
- pupmod-simp-iptables
- pupmod-simp-jenkins
- pupmod-simp-kibana
- pupmod-simp-krb5
- pupmod-simp-libvirt
- pupmod-simp-logrotate
- pupmod-simp-mcafee
- pupmod-simp-mcollective
- pupmod-simp-mozilla
- pupmod-simp-multipathd
- pupmod-simp-named
- pupmod-simp-network
- pupmod-simp-nfs
- pupmod-simp-nscd
- pupmod-simp-ntpd
- pupmod-simp-oddjob
- pupmod-simp-openldap
- pupmod-simp-openscap
- pupmod-simp-pam
- pupmod-simp-pki
- pupmod-simp-polkit
- pupmod-simp-postfix
- pupmod-simp-pupmod
- pupmod-simp-rsync
- pupmod-simp-rsyslog
- pupmod-simp-selinux
- pupmod-simp-simp
- pupmod-simp-simplib
- pupmod-simp-site
- pupmod-simp-snmpd
- pupmod-simp-ssh
- pupmod-simp-sssd
- pupmod-simp-stunnel
- pupmod-simp-sudo
- pupmod-simp-sudosh
- pupmod-simp-svckill
- pupmod-simp-sysctl
- pupmod-simp-tcpwrappers
- pupmod-simp-tftpboot
- pupmod-simp-tpm
- pupmod-simp-upstart
- pupmod-simp-vnc
- pupmod-simp-vsftpd
- pupmod-simp-windowmanager
- pupmod-simp-xinetd
- pupmod-simp-xwindows
Most forks are simply to fit the materials into our build processes but some have modifications that we are looking to push back upstream when possible.
- augeasproviders
- augeasproviders_apache
- augeasproviders_base
- augeasproviders_core
- augeasproviders_grub
- augeasproviders_mounttab
- augeasproviders_nagios
- augeasproviders_pam
- augeasproviders_postgresql
- augeasproviders_puppet
- augeasproviders_shellvar
- augeasproviders_ssh
- augeasproviders_sysctl
- puppet-datacat
- puppet-elasticsearch
- puppet-gpasswd
- puppetlabs-inifile
- puppetlabs-java
- puppetlabs-java_ks
- puppet-logstash
- puppet-memcached
- puppetlabs-mysql
- puppetlabs-postgresql
- puppetlabs-puppetdb
- puppetlabs-apache
- puppetlabs-stdlib