Documentation
Overview
Package stig provides a compliance plugin for STIG security controls.
Index
- Constants
- type LoggingStatus
- type Plugin
- func (sp *Plugin) Description() string
- func (sp *Plugin) EvaluatedControlIDs(_ *common.CommonDevice) []string
- func (sp *Plugin) GetControlByID(id string) (*compliance.Control, error)
- func (sp *Plugin) GetControls() []compliance.Control
- func (sp *Plugin) Name() string
- func (sp *Plugin) RunChecks(device *common.CommonDevice) []compliance.Finding
- func (sp *Plugin) ValidateConfiguration() error
- func (sp *Plugin) Version() string
Constants
const (
// MaxDHCPInterfaces represents the maximum number of DHCP interfaces before flagging as unnecessary.
MaxDHCPInterfaces = 2
)
STIG compliance thresholds used to evaluate service hardening controls.
Variables
This section is empty.
Functions
This section is empty.
Types
type LoggingStatus
type LoggingStatus int
LoggingStatus represents the result of logging configuration analysis.
const (
	// LoggingStatusNotConfigured indicates no logging configuration is detected.
	LoggingStatusNotConfigured LoggingStatus = iota
	// LoggingStatusComprehensive indicates comprehensive logging is properly configured.
	LoggingStatusComprehensive
	// LoggingStatusPartial indicates logging is partially configured but missing critical components.
	LoggingStatusPartial
	// LoggingStatusUnableToDetermine indicates logging status cannot be determined due to model limitations.
	LoggingStatusUnableToDetermine
)
LoggingStatus values classify the device's logging posture for STIG compliance evaluation.
type Plugin
type Plugin struct {
// contains filtered or unexported fields
}
Plugin implements the compliance.Plugin interface for the STIG plugin.
func (*Plugin) Description
Description returns the plugin description.
func (*Plugin) EvaluatedControlIDs (added in v1.4.0)
func (sp *Plugin) EvaluatedControlIDs(_ *common.CommonDevice) []string
EvaluatedControlIDs returns the IDs of controls this plugin can evaluate. All 10 STIG controls can be evaluated from config.xml data: the original 4 check firewall rules/services/syslog, V-206701 checks rate-limiting fields, V-206680/679/678/681 check syslog enablement, V-206711 checks IDS presence.
func (*Plugin) GetControlByID
func (sp *Plugin) GetControlByID(id string) (*compliance.Control, error)
GetControlByID returns a specific control by ID.
func (*Plugin) GetControls
func (sp *Plugin) GetControls() []compliance.Control
GetControls returns all STIG controls. The returned slice is a deep copy to prevent callers from mutating the plugin's internal state, including nested reference types (References, Tags, Metadata).
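Why the deep copy matters, as an added example that is not the package's own code: copying only the slice leaves nested slices and maps aliased, so a caller could silently alter the control catalogue used by later checks. The `Control` struct, its field types, the helper names and the sample values are assumptions made for illustration.

```go
package main

import "fmt"

// Control is a hypothetical stand-in for compliance.Control; only the nested
// fields named in the documentation are modelled, and their types are assumed.
type Control struct {
	ID               string
	References, Tags []string
	Metadata         map[string]string
}

// shallowCopy duplicates the outer slice only; nested slices and maps still alias the originals.
func shallowCopy(in []Control) []Control {
	out := make([]Control, len(in))
	copy(out, in)
	return out
}

// deepCopy also clones every nested reference type, so the result shares no memory with in.
func deepCopy(in []Control) []Control {
	out := make([]Control, len(in))
	for i, c := range in {
		c.References = append([]string(nil), c.References...)
		c.Tags = append([]string(nil), c.Tags...)
		m := make(map[string]string, len(c.Metadata))
		for k, v := range c.Metadata {
			m[k] = v
		}
		c.Metadata = m
		out[i] = c
	}
	return out
}

// tamper mutates the copy the way a careless caller might and
// reports whether the plugin's internal state changed as a result.
func tamper(copyFn func([]Control) []Control) bool {
	internal := []Control{{ID: "V-206701", Tags: []string{"rate-limiting"},
		Metadata: map[string]string{"severity": "medium"}}} // constructed sample values
	got := copyFn(internal)
	got[0].Tags[0] = "overwritten"
	got[0].Metadata["severity"] = "low"
	return internal[0].Tags[0] != "rate-limiting" || internal[0].Metadata["severity"] != "medium"
}

func main() {
	fmt.Println("shallow copy leaks mutation:", tamper(shallowCopy))
	fmt.Println("deep copy leaks mutation:", tamper(deepCopy))
}
```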
func (*Plugin) RunChecks
func (sp *Plugin) RunChecks(device *common.CommonDevice) []compliance.Finding
RunChecks performs STIG compliance checks.
func (*Plugin) ValidateConfiguration
ValidateConfiguration validates the plugin configuration.