P { MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px }
Please excuse my OWA induced top post.Thank you for the information. I found the dconf pull request (#229 https://github.com/OpenSCAP/scap-security-guide/pull/229). Should discussion occur in the comments on github or on the list? I'll start new threads to separate the discussion for chrony/ntp and iptables/firewalld. -Nick -- Nicholas P. Crawford Senior UNIX Systems Administrator contractor, General Dynamics Information Technology NVESD Network Services Branch, US Army email: [email protected] comm: (703) 704-2299 dsn: (312) 654-2299 cell: (571) 225-1283 From: [email protected] [[email protected]] on behalf of Gabe Alford [[email protected]] Sent: Saturday, October 04, 2014 12:43 To: SCAP Security Guide Subject: Re: RHEL 7 Direction On Fri, Oct 3, 2014 at 5:08 PM, Shawn Wells <[email protected]> wrote: On 10/3/14, 3:31 PM, Crawford, Nicholas P CTR USARMY CERDEC (US) wrote: > > Greetings, > > > > I had a couple of questions about the direction the RHEL 7 SSG will be > going; > > > > Particularly with the below new subsystems in 7; > > gconf vs dconf (GNOME 2 vs GNOME 3) Some applications do use gconf still, but I believe gnome requires dconf in RHEL7 since it is GNOME3. There is an existing pull request for converting most of the gconf settings to dconf. > Has there been a decision on how to check and remediate with dconf? > iptables vs firewalld iptables and firewalld conflict each other so one or the other (preferably firewalld). > Has there been a decision on which method will go forward for > check / remediation? > chrony vs ntpd No decision has been made on this as I am aware. > Has there been a decision on which to use and which will go > forward for check / remediation? > Actually, there hasn't been much conversation on this. Thanks for starting the conversation! IMO, we should start with system defaults as first/primary goal, then enable secondary configs in future passes. aka, address firewalld first then iptables. If we're able to get both done at the same time, then great -- but focus should be on system default first. What does everyone think of such an approach? +1 -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
smime.p7s
Description: S/MIME cryptographic signature
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
