-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, Mar 13, 2014 at 04:40:01PM -0600, Chris Murphy wrote: > Existing NIST and Red Hat documentation on OpenSCAP says that it's for > enterprise-level Linux infrastructure. Is any Fedora 21 product targeted > mainly for enterprise deployment? Is OpenSCAP being retargeted for general > purpose level infrastructure. If so, will (or should) at least a significant > minority, say 33%, of GUI installer using end-users make use of this feature?
Coming from someone who used to have to configure systems to meet DISA STIG requirements I applaud this feature. One can use the same SCAP rules to audit their system later to look for changes in the system. Looking beyond the existing offerings of NIST-specific compliance, one can write their own rules for configuring their systems at install. I wouldn't look at this feature to only be useful for enterprise-level installations but rather flexible enough for any installation. > What does setting a security profile in Anaconda achieve that can't be done, > or done as effectively, post-install? You could have similar results using a kickstart file or some sort of script post-install but you'd end up duplicating the work to create the rules for install and auditing. I won't comment on the ease of using one over the other. - -- Eric - -------------------------------------------------- Eric "Sparks" Christensen Fedora Project spa...@fedoraproject.org - spa...@redhat.com 097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1 - -------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCgAGBQJTIk7vAAoJEB/kgVGp2CYvs78L/0Ft+nmGsaeiY6KZEDuwXFyL bEk3hOsPs/HkQvRz3BXfLHnKuy1P7tptVXIjzrWmiAU/uWrMpBPo2a79mQAvbJDR V9PqfSF7xTbXt5m6wfvDwgMoqn1bF3lrmC9s+fZYQi2UGjR820swUdoB+TJnmPVt E68Ty8I1Eeeeh92JOZrh26hUcyvVEqo7iuV8RtRsjkwEHi/PiUYmOloOoLoYprOW 0vkcd4u+rDwp8Wl+NoElL48Q/i1m5lt5gLTxBn1m22vw9H9Y3/vMcrLMXQlNMS0W c1xdOLeWlUdfN0imtiy9kw8mPl9urZw7PcVX4x3BcQlm4Hs8nWG27t1pL1uQGbuF EnvsnK7q1wTUIusv9uDmJAphDulljEq1BYEXmfZjvS+6tcx8zD4i9PG7Q5JsyWbZ FhHmKMgg6xCA8GUN4AEYEAUHFR86kgqAGaaGOL7J+oA5i9JT++/pWEae+eNjcskw Y84/kexmFSd0mHqwHaMtKEVRVdkwmxdcnoA0YvGMHA== =8Xoo -----END PGP SIGNATURE----- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
