----- Original Message ----- > From: "Shawn Wells" <[email protected]> > To: [email protected] > Sent: Friday, December 6, 2013 3:31:45 PM > Subject: Re: [PATCH] [Shared] Add initial shared OVAL check for 'Verify > that Shared Library Files Have Restrictive > Permissions' rule [was: [PATCH] [RFC] Creating shared bash script > directory] > > Ack - pls push
Thanks a lot. Pushed as: https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=b8bcb23975e605e6f5dc5e69fe158c85c39d93f6 Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team > > --- > Shawn Wells > Director, Innovation Programs > [email protected] | 443.534.0130 > @shawndwells > > > On Dec 6, 2013, at 5:56 AM, Jan Lieskovsky <[email protected]> wrote: > > > > Hello folks, > > > > can I go ahead and push this patch upstream? > > > > Right now it doesn't touch RHEL-6 code at all (RHEL-6 can > > be attached later via symlinks to existing tests and providing > > attestations). > > > > But having this in upstream repo could simplify the approach > > to me (not to need to keep two separate local git streams), > > and focus on fixing further child bugs which might arise when > > trying to implement this (like the already mentioned "platform" > > XSLT transformation, checking for presence of attestation for > > that platform, the -devel option etc.) > > > > RHEL-6 can start joining this scheme later gradually moving > > selected rules they to be used / obtained from the shared directory > > (once confirmed for work on RHEL-6 too). > > > > And should this have shown as to be a non-viable way, we can > > always return back to the old (OVAL checks pre product) schema > > later just by moving the checks and removing the symlinks (whole > > /shared content). > > > > Would this be just Fedora specific change, would go ahead and push > > (and count with the responsibility that if some issue is found > > later, I will need to fix it). > > > > But since it introduces new main directory structure, would > > like to have your blessing first / prior doing that. > > > > Thank you && Regards, Jan. > > -- > > Jan iankko Lieskovsky / Red Hat Security Technologies Team > > > > ----- Original Message ----- > >> From: "Jan Lieskovsky" <[email protected]> > >> To: [email protected] > >> Sent: Thursday, December 5, 2013 7:53:22 PM > >> Subject: [PATCH] [Shared] Add initial shared OVAL check for 'Verify that > >> Shared Library Files Have Restrictive > >> Permissions' rule [was: [PATCH] [RFC] Creating shared bash script > >> directory] > >> > >> > >> Based on thread: > >> > >> https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-December/thread.html#4585 > >> > >> this patch adds first OVAL check into scap-security-guide/shared/oval > >> directory > >> and modifies main Makefile wrt to building Fedora packages it to include > >> OVAL > >> checks directly provided in input/checks directory, together with those > >> linked > >> from shared/ directory. > >> > >> For now didn't change the value of <platform> element (didn't implement > >> the > >> XSLT transformation it to be modified automatically based on underlying > >> system > >> version content is build at) - will do this in next steps, once we have > >> agreed > >> on the expected form of test_attestation element. > >> > >> Passed basic sanity && regression testing on Fedora system. > >> > >> RHEL-6 content has been intentionally kept intact till the moment, we are > >> sure > >> about the final shared OVAL check form. > >> > >> Please review. > >> > >> Thank you && Regards, Jan. > >> -- > >> Jan iankko Lieskovsky / Red Hat Security Technologies Team > >> > >> _______________________________________________ > >> scap-security-guide mailing list > >> [email protected] > >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > _______________________________________________ > > scap-security-guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
