Sorry for the double post but I just realized that I forgot to ask about the acceptance of SCE in the core SSG.
There are some things I just can't check without SCE such as:

* OpenLDAP configuration items
* Running IPTables Rules
* Running Auditd Rules
* Certs and settings in GnuTLS keystores

Thanks,

Trevor

On Mon, Oct 31, 2016 at 4:42 PM, Trevor Vaughan <[email protected]> wrote:

> Hi All,
>
> After much delaying, we're hoping to start integrating our SIMP-specific
> methods for meeting the various policy requirements directly into the SSG.
>
> Unfortunately, this is proving to be a bit hairy and I'd like to know
> what you would prefer.
>
> ## Option 1: Fork the Entire RHEL base into SIMP/{6,7} etc...
>
> - We're not another OS, we're a specific (flexible) configuration set for
> RHEL and/or CentOS
>
> - I'd really like to avoid this
>
> ## Option 2: Muck about directly in the RHEL space
>
> - This is my preference and I can 100% start with a set of profiles that
> mirror the existing profiles. I guess this would be prefaced with 'simp'.
> So, simp-C2S.xml, simp-pci-dss.xml, etc...
>
> - We will also need to add alternate OVAL checks that are specific to
> SIMP. For instance, per policy, our auditd file is optimized, this means
> that none of the included checks will pass and we need alternate checks.
>
> And no, in general, there is no way to determine if you're on a SIMP
> system unless it's the Puppet Server. It's just RHEL.
>
> Advice appreciated.
>
> Thanks,
>
> Trevor
>
> --
> Trevor Vaughan
> Vice President, Onyx Point, Inc
> (410) 541-6699 x788
>
> -- This account not approved for unencrypted proprietary information --
>

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
