Hello Trevor, this feature would be nice to have and it can be definitely implemented in SSG. I would suggest to have a rule for it but I would not include it into any profile by default as this option currently causes issues with other components (see https://wiki.archlinux.org/index.php/security#hidepid). This way we can provide a possibility for users to include it into their profiles using tailoring if they really want to.
Regards, Matus Marhefka On Tue, Sep 4, 2018 at 4:41 PM, Trevor Vaughan <[email protected]> wrote: > I've had this feature request open for a while at > https://github.com/OpenSCAP/scap-security-guide/issues/1648 suggesting > that hidepid=2 be added to /proc to help meet the AC-3 and AC-6 controls. > > As we approach EL8 (I think), I'd like to have this discussion since this > capability has shown to be valuable in a practical way on multi-user > systems. > > Thanks, > > Trevor > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 x788 > > -- This account not approved for unencrypted proprietary information -- > > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedorahosted.org/archives/list/scap- > [email protected] > >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
