{"id":22668513,"url":"https://github.com/lanl/rhelhostinfo","last_synced_at":"2025-07-25T00:38:54.112Z","repository":{"id":141730963,"uuid":"475176232","full_name":"lanl/rhelhostinfo","owner":"lanl","description":"Use the host-as-sensor model to enumerate security-relevant information about a RHEL host and the surrounding network, identifying and reporting changes via syslog. Written in python3.","archived":false,"fork":false,"pushed_at":"2022-05-26T17:19:43.000Z","size":166,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-03-29T10:43:31.720Z","etag":null,"topics":["continuous-monitoring","cybersecurity","host-discovery","host-monitoring","information-security","network-security","network-security-monitoring","python3","redhat-enterprise-linux","redhat7","redhat8","security"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lanl.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-28T20:56:10.000Z","updated_at":"2023-09-19T01:26:55.000Z","dependencies_parsed_at":null,"dependency_job_id":"01b9f2f1-2995-4d2e-816e-f27b14c16cfe","html_url":"https://github.com/lanl/rhelhostinfo","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/lanl/rhelhostinfo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanl%2Frhelhostinfo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/lanl%2Frhelhostinfo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanl%2Frhelhostinfo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanl%2Frhelhostinfo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lanl","download_url":"https://codeload.github.com/lanl/rhelhostinfo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lanl%2Frhelhostinfo/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266931929,"owners_count":24008445,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-24T02:00:09.469Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["continuous-monitoring","cybersecurity","host-discovery","host-monitoring","information-security","network-security","network-security-monitoring","python3","redhat-enterprise-linux","redhat7","redhat8","security"],"created_at":"2024-12-09T15:15:36.329Z","updated_at":"2025-07-25T00:38:54.084Z","avatar_url":"https://github.com/lanl.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"`Approved for open-source release via C21099 / C22007 as rhelhostinfo v1.x, authored by Skip McGee`\n\n## Abstract:\n\u003cpre\u003e\nrhelhostinfo v1.X adds some functionality to the existing rhelhostinfo project by enumerating host configuration 
information and \nidentifying changes over time. It provides a framework that allows organizations to modify the application \nfunctionality for their own requirements, to add python scripting as needed or desired, including the ability to configure \nor return a host to DoD STIG specifications, or to implement lynis configuration, identify user command-line history, \nenumerate the local OSI layer 3 environment, identify and assist with configuring the host firewall, \nconduct limited packet capture and identify relevant network information. It uses the host-as-sensor model \nto enumerate security-relevant information about the host and the surrounding network and report relevant changes. \n\u003c/pre\u003e\n\n## Objective\n\u003cpre\u003e\nrhelhostinfo primarily provides passive host inventory and change detection via the --checkconfig option \nand active host inventory and change detection on an IPv4 /24 network segment via the --scan option. \nAdditionally, the application provides enumeration of Red Hat host configuration vulnerabilities via the Lynis --lynis \noption and DISA STIG evaluation and/or remediation via the openscap project with tailoring files that can be edited for \norganizational needs. rhelhostinfo provides an easy mechanism and architecture to deploy python scripting across an enterprise's \nRed Hat hosts for monitoring and detection purposes. This includes a --everyday and a --weekly option to enable \ntailoring to needs and desires as appropriate. Finally, the data generated by the rhelhostinfo application is sent via syslog \nto an enterprise log server for parsing, alerting, reporting and display.  \n\u003c/pre\u003e\n\n## Requirements\n\u003cpre\u003e\n1. The syslog client (rsyslog / syslog-ng) is configured and functional on your RHEL host\n2. 
If use of the openscap functionality is desired, use the openscap guide at:\n`https://www.open-scap.org/resources/documentation/customizing-scap-security-guide-for-your-use-case/` \nto develop (and test!) tailoring files and place them in the `scap_tailoring` directory. \nSubstitute in your organization's name for the profile variables in app/openscap.py\n3. Use the provided gitlab-ci.yml to build a binary/rpm on your gitlab infrastructure\n\u003c/pre\u003e\n\n## Usage:\n1. Use the latest rpm artifact from the [workflow](https://github.com/lanl/rhelhostinfo/actions/workflows/rpmbuild.yml) or fork this repo and build your own rpm!\n2. Install the rpm `rpm -Uvh \u003cpath_to_rpm\u003e`\n3. To run via the installed rpm:\n`rhelhostinfo --help`\n\u003cpre\u003e\nusage: rhelhostinfo [options]\n\nrhelhostinfo v1.X provides cybersecurity / host monitoring functionality for\ndetection of configuration vulnerabilities, remediation, identification of\nhost changes and user activity.\n\noptional arguments:\n  -h, --help           show this help message and exit\n  -c, --checkconfig    Check the local host for configuration changes\n  -d, --debug          Debug granularity for application troubleshooting\n  -e, --everyday       Actions to conduct every day\n  -g, --generate       Generate oscap remediation script\n  -l, --list           Parse splunk output\n  -o, --oscap          Report the oscap findings for the host and view html report\n  -r, --remediate      Remediate the host to comply with STIG content\n  -s, --scan           Scan the local network\n  -v, --verbose        Add verbose output to console.\n  -w, --weekly         Weekly enumeration of host information\n  -y, --lynis          Implement Lynis system configuration checks\n\u003c/pre\u003e\n\n4. 
To run natively in python3:\n+ `yum install rh-python38`\n+ `python3 -m venv venv`\n+ `source venv/bin/activate`\n+ `python3 -m pip install --upgrade -r requirements.txt`\n+ `python3 main.py --help`\n+ `python3 main.py \u003coption\u003e`\n\n## Project Tree:\n\u003cpre\u003e\n├── app\n│   ├── __init__.py\n│   ├── rhelhostinfo.py\n│   ├── rhelsknr.py\n│   ├── key.key\n│   ├── log.conf\n│   ├── openscap.py\n│   ├── state.py\n│   └── syslog.conf\n├── CHANGELOG\n├── CONTRIBUTING.md\n├── current_rpms\n│   └── x86_64\n│       ├── rhelhostinfo-*-*.*.el7.x86_64.rpm\n│       └── rhelhostinfo-*-*.*.el8.x86_64.rpm\n├── __init__.py\n├── LICENSE\n├── main.py\n├── pyinstaller\n│   └── rhelhostinfo.bin.spec\n├── pytest\n│   └── test_initial.py\n├── README.md\n├── requirements.txt\n├── rpmbuild\n│   └── rhelhostinfo.spec\n├── sast\n│   ├── bandit_improvements.txt\n│   └── flake8_improvements.txt\n├── scripts\n│   ├── netsane.sh\n│   ├── rh_python38_setup.sh\n│   └── scap_report_viewer.sh\n├── scap_tailoring\n│   ├── rhel7-gui-tailoring.xml\n│   ├── rhel7-no-gui-tailoring.xml\n│   ├── rhel7-rhev-tailoring.xml\n│   ├── rhel8-gui-tailoring.xml\n│   └── rhel8-no-gui-tailoring.xml\n└── Software_Bill_of_Materials.md\n\u003c/pre\u003e\n\n## Additional resources and references:\n+ [openscap project](https://www.open-scap.org/)\n+ [lynis](https://cisofy.com/lynis/)\n\n## Still to do / functionality to add:\n1. Consider scapy for limited packet capture / scripting options?\n - Consider: https://github.com/SecurityNik/pktIntel\n - Consider: https://drive.google.com/file/d/0B0qDfJ30s2I9bXVwX3VXNzBOMzA/edit?resourcekey=0-oqLLcXC14yCT5uzRUt9gcg\n2. Consider p0f / PRADS\n3. Add directory or file encryption for application .ini files \n4. Add verbose and debug options\n5. Add pytest tests\n6. 
Parse the RHEL sw vuln xml report for vulns and send via syslog\n7. Test remediation option tailoring\n8. Add scan types and subnet as sub-args for the scan option\n9. Consider potential for incorporating PEASS: https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flanl%2Frhelhostinfo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flanl%2Frhelhostinfo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flanl%2Frhelhostinfo/lists"}