Ack - pls push --- Shawn Wells Director, Innovation Programs [email protected] | 443.534.0130 @shawndwells
> On Dec 6, 2013, at 5:56 AM, Jan Lieskovsky <[email protected]> wrote: > > Hello folks, > > can I go ahead and push this patch upstream? > > Right now it doesn't touch RHEL-6 code at all (RHEL-6 can > be attached later via symlinks to existing tests and providing > attestations). > > But having this in upstream repo could simplify the approach > to me (not to need to keep two separate local git streams), > and focus on fixing further child bugs which might arise when > trying to implement this (like the already mentioned "platform" > XSLT transformation, checking for presence of attestation for > that platform, the -devel option etc.) > > RHEL-6 can start joining this scheme later gradually moving > selected rules they to be used / obtained from the shared directory > (once confirmed for work on RHEL-6 too). > > And should this have shown as to be a non-viable way, we can > always return back to the old (OVAL checks pre product) schema > later just by moving the checks and removing the symlinks (whole > /shared content). > > Would this be just Fedora specific change, would go ahead and push > (and count with the responsibility that if some issue is found > later, I will need to fix it). > > But since it introduces new main directory structure, would > like to have your blessing first / prior doing that. > > Thank you && Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Technologies Team > > ----- Original Message ----- >> From: "Jan Lieskovsky" <[email protected]> >> To: [email protected] >> Sent: Thursday, December 5, 2013 7:53:22 PM >> Subject: [PATCH] [Shared] Add initial shared OVAL check for 'Verify that >> Shared Library Files Have Restrictive >> Permissions' rule [was: [PATCH] [RFC] Creating shared bash script >> directory] >> >> >> Based on thread: >> >> https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-December/thread.html#4585 >> >> this patch adds first OVAL check into scap-security-guide/shared/oval >> directory >> and modifies main Makefile wrt to building Fedora packages it to include OVAL >> checks directly provided in input/checks directory, together with those >> linked >> from shared/ directory. >> >> For now didn't change the value of <platform> element (didn't implement the >> XSLT transformation it to be modified automatically based on underlying >> system >> version content is build at) - will do this in next steps, once we have >> agreed >> on the expected form of test_attestation element. >> >> Passed basic sanity && regression testing on Fedora system. >> >> RHEL-6 content has been intentionally kept intact till the moment, we are >> sure >> about the final shared OVAL check form. >> >> Please review. >> >> Thank you && Regards, Jan. >> -- >> Jan iankko Lieskovsky / Red Hat Security Technologies Team >> >> _______________________________________________ >> scap-security-guide mailing list >> [email protected] >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
