On 2/19/14, 2:39 PM, Gary Gapinski wrote:
On 02/19/2014 11:17 AM, Jeffrey Blank wrote:
I do not want a variety of government agencies
creating Frankenstein forks of scap-security-guide.
I am unsure whether this is worthy of a fork, but read on.
I want them to use
the profiling mechanisms of XCCDF to select what they need from a single
high-quality dictionary of compliance checks (for each product for which
such content exists). One of the unstated goals of the project is to
keep the variety of government compliance machines under some control by
providing a solution which meets >95% of use cases.
Our intent is to score a subset of all checklist items but have all
items evaluated on all systems. This requires allĀ¹ <Rule>s to be
selected.
A <Profile> cannot alter the roleĀ² attribute of a <Rule> (to unscored
rather than full).
We intend to do this using a modified benchmark containing a single
<Profile>, and applying arbitrary "profiles" to the evaluation results
at a subsequent time.
Will SCAP Workbench make this any easier for you?
This is most easily done using a fork describing the necessary
changes. A fork may also ease the task of having a single checklist
for RHEL6 and RHEL7 comprised of parts common to both as well as parts
peculiar to either.
wrt a single checklist, much of that work could be accomplished by
adjusting the OVAL. Patches would be very, very welcome.
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
