On 2/11/19 7:38 PM, Steve Grubb wrote:
On Thursday, February 7, 2019 1:23:58 PM EST Shawn Wells wrote:
So then, to rephrase the question, when will there be OVAL
tests/subjects/states/items for OpenShift, akin to how there are for
systemd and SELinux?
Those were created specifically to address problems in drafting content for
the USGCB settings a long time ago. They were created because there was no
other good way of getting the information.

Would be extremely surprising to learn this process hasn't been started
already, but getting the sense it hasn't been. Not really sure who to
direct the question to.... likely Marek and Matej?
Things aren't created until there's a demonstrated need. What is the
underlying configuration that you are trying to read? What parts of the config
are needed? Where is this information kept?

Seems like there is an ever-growing backlog of probes that need creation.

Quick examples of polling dconf db, and parsing "oc get" commands for OpenShift settings. Neither keeps their state in config files so need to use those commands specifically.


Just wanted to show how the systemd tests were created:
http://making-security-measurable.1364806.n2.nabble.com/Proposal-for-OVAL-5-11-systemd-test-td7583274.html

There was some discussion about what the intended use would be. What
questions would the test answer? Then some discussion about syntax and
attribute vs elements, etc. Right now, I think anyone that could help needs a
little better definition of the problem you are seeing.


Excellent. Thank you -- will review to help me learn the correct vernacular.

At this point, getting the impression there's been zero work on creating OpenShift probes though.

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
