On 10/3/14, 3:31 PM, Crawford, Nicholas P CTR USARMY CERDEC (US) wrote: > > Greetings, > > > > I had a couple of questions about the direction the RHEL 7 SSG will be > going; > > > > Particularly with the below new subsystems in 7; > > gconf vs dconf (GNOME 2 vs GNOME 3) > > Has there been a decision on how to check and remediate with dconf? > iptables vs firewalld > > Has there been a decision on which method will go forward for > check / remediation? > chrony vs ntpd > > Has there been a decision on which to use and which will go > forward for check / remediation? >
Actually, there hasn't been much conversation on this. Thanks for starting the conversation! IMO, we should start with system defaults as first/primary goal, then enable secondary configs in future passes. aka, address firewalld first then iptables. If we're able to get both done at the same time, then great -- but focus should be on system default first. What does everyone think of such an approach? -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
