On Fri, Oct 3, 2014 at 5:08 PM, Shawn Wells <[email protected]> wrote:
> On 10/3/14, 3:31 PM, Crawford, Nicholas P CTR USARMY CERDEC (US) wrote: > > > > Greetings, > > > > > > > > I had a couple of questions about the direction the RHEL 7 SSG will be > > going; > > > > > > > > Particularly with the below new subsystems in 7; > > > > gconf vs dconf (GNOME 2 vs GNOME 3) > Some applications do use gconf still, but I believe gnome requires dconf in RHEL7 since it is GNOME3. There is an existing pull request for converting most of the gconf settings to dconf. > > Has there been a decision on how to check and remediate with dconf? > > iptables vs firewalld > iptables and firewalld conflict each other so one or the other (preferably firewalld). > > Has there been a decision on which method will go forward for > > check / remediation? > > chrony vs ntpd > No decision has been made on this as I am aware. > > Has there been a decision on which to use and which will go > > forward for check / remediation? > > > > > > Actually, there hasn't been much conversation on this. Thanks for > starting the conversation! > > IMO, we should start with system defaults as first/primary goal, then > enable secondary configs in future passes. aka, address firewalld first > then iptables. > > If we're able to get both done at the same time, then great -- but focus > should be on system default first. > > What does everyone think of such an approach? > +1 > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
