----- Original Message ----- > From: "Trevor Vaughan" <[email protected]> > To: "SCAP Security Guide" <[email protected]> > Sent: Monday, October 31, 2016 4:42:51 PM > Subject: Integration Etiquitte > > Hi All, > > After much delaying, we're hoping to start integrating our SIMP-specific > methods for meeting the various policy requirements directly into the SSG. > > Unfortunately, this is providing to be a bit hairy and I'd like to know > what you would prefer. > > ## Option 1: Fork the Entire RHEL base into SIMP/{6,7} etc... > > - We're not another OS, we're a specific (flexible) configuration set for > RHEL and/or CentOS > > - I'd really like to avoid this > > ## Option 2: Muck about directly in the RHEL space > > - This is my preference and I can 100% start with a set of profiles that > mirror the existing profiles. I guess this would be prefaced with 'simp'. > So, simp-C2S.xml, simp-pci-dss.xml, etc... > > - We will also need to add alternate OVAL checks that are specific to SIMP. > For instance, per policy, our auditd file is optimized, this means that > none of the included checks will pass and we need alternate checks. > > And no, in general, there is no way to determine if you're on a SIMP system > unless it's the Puppet Server. It's just RHEL.
Could you please send an example of the differences between simp-pci-dss and pci-dss profiles. -- Martin Preisler Identity Management and Platform Security | Red Hat, Inc. _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
