Jan, Thanks for the detailed response. Very helpful!
Greg On Thu, May 7, 2015 at 2:17 PM, Jan Lieskovsky <[email protected]> wrote: > > Hello Greg, > > ----- Original Message ----- > > From: "Greg Elin" <[email protected]> > > To: "SCAP Security Guide" <[email protected]> > > Sent: Thursday, May 7, 2015 7:24:07 PM > > Subject: Re: Porting RHEL6 XCDDF Profiles to RHEL7 > > > > Gabe, > > > > Thanks. That is helpful. > > > > So it comes down to Knowledge of -- and testing by -- developer that > RHEL6 > > test applies to RHEL7? > > See my previous reply. But basically IMHO to be able to specify the scope > of the work that needs to be done, we first need to separate RHEL-6 rules > working without change (or small change) on RHEL-7 too from those, which > either aren't implemented for RHEL-7 yet or would require substantial > change > just because the underlying system component changed substantially across > the two products (so yes, this stage includes a lot of testing on RHEL-7 > product). > > Once this stage is finished (we have profiles ported with not working rules > commented out), we can proceed to the second stage - actual implementation > of the missing rules they to work properly on RHEL-7 too (of course the > motivation when commenting the rules isn't they not to be available for > scanning on RHEL-7, just to indicate they aren't working properly right > now, > and are to be included later once those issues are fixed). > > Regards, Jan. > -- > Jan iankko Lieskovsky / Red Hat Security Technologies Team > > > > > Greg Elin > > P: 917-304-3488 > > E: [email protected] > > > > Sent from my iPhone > > > > On May 7, 2015, at 1:02 PM, Gabe Alford < [email protected] > wrote: > > > > > > > > > > Greg, > > > > I don't think that it should be too much of a problem migrating the > profiles. > > See https://github.com/OpenSCAP/scap-security-guide/pull/550 for an > example. > > > > Gabe > > > > On Thu, May 7, 2015 at 10:42 AM, Greg Elin < [email protected] > > > wrote: > > > > > > > > Fend and I are looking at moving a client from AWS Linux to RHEL7. > > > > We are trying to figure how we can help migrate the existing RHEL6 XCCDF > > profiles to RHEL7? > > > > A number of the baseline profiles available in RHEL6 package (e.g. USGCB > and > > RHEL6-Server are not currently available in either the RHEL7 SSG package > or > > the RHEL7 SSG built from source. > > > > I've skimmed the issues and the wiki pages and did not seen anything > exactly > > on topic for the profiles. > > > > - Can these RHEL6 profiles easily be ported to RHEL7, or is it a big > tasks > > b/c of significant changes between 6 and 7? > > > > - I'm treating the RHEL7 STIG as a separate baseline project from these > other > > pre-existing RHEL6 baselines (with some overlap, of course). Is that > right > > way or wrong way to think about it? > > > > - Does it make sense to put together a how to and/or coordination page to > > discuss the availability and porting of profiles? Fen and I would like to > > help, but want tackle the problem efficiently. > > > > - Is there an overall timeline or plan for managing the XCCDF profiles? > > > > Thanks. > > > > Greg > > > > > > -- > > SCAP Security Guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > https://github.com/OpenSCAP/scap-security-guide/ > > > > > > > > > > -- > > SCAP Security Guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > https://github.com/OpenSCAP/scap-security-guide/ > > > > -- > > SCAP Security Guide mailing list > > [email protected] > > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > https://github.com/OpenSCAP/scap-security-guide/ > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ >
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
