I think that it's valuable since it's a more correct check. Also, if FIPS checking is the next killer feature, well.....
On Mon, Oct 29, 2018, 10:57 PM Shawn Wells <[email protected]> wrote:

>
>
> On 10/29/18 4:11 PM, Mark Thacker wrote:
> > AHHH.
> > Well, checking the signatures of the RPMs versus what we posted in the
> > certification would be a start. (sorry, manual there unless you
> > automate using Ansible or OpenSCAP perhaps)
> > You can check that the kernel is running in FIPS mode, of course, but
> > I'm not sure that's all you want to check.
> Current content evaluates FIPS enablement (e.g. grub fips=1).
>
> We can *easily* enhance these checks to ensure the appropriate RPMs are
> installed too. If this would be valuable, it's very very quick/trivial to
> do.
>
> > BTW : That process of checking that the system is configured in FIPS
> > does get easier in the future.....
> hayyyyy I thought the first rule of $thingThatShallNotBeNamed was to not
> talk about $thingThatShallNotBeNamed in public? Don't worry, I won't tell
> ;)
> _______________________________________________
> scap-security-guide mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
>
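The three signals discussed in this thread (the `fips=1` boot parameter, the kernel's runtime FIPS flag, and the installed RPMs) can be checked separately, as in this added example, which is not from the original messages or from the scap-security-guide content. The function names are hypothetical, the boot parameter is read from the running kernel's command line rather than from the grub configuration, and the package list is left to the caller because the thread does not name the RPMs.

```shell
#!/bin/sh
# Added example: separate checks for the FIPS signals mentioned in the thread.
# File paths are parameters so the checks can be pointed at constructed files.

# Boot parameter: is "fips=1" present as a whole token on the kernel
# command line? A substring match would wrongly accept "nofips=1" or "fips=10".
fips_cmdline_set() {
    line=
    read -r line < "${1:-/proc/cmdline}" || [ -n "$line" ] || return 1
    case " $line " in
        *" fips=1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Runtime state: the kernel exposes 1 in this file when it runs in FIPS mode.
fips_kernel_enabled() {
    [ "$(cat "${1:-/proc/sys/crypto/fips_enabled}" 2>/dev/null)" = "1" ]
}

# Package presence: every package named by the caller must be installed.
# Which packages to require is an assumption the caller supplies.
fips_packages_installed() {
    for pkg in "$@"; do
        rpm -q "$pkg" >/dev/null 2>&1 || return 1
    done
}

# Combine the checks: PASS only if every signal agrees.
# $1 = command-line file, $2 = fips_enabled file, remaining args = packages.
fips_report() {
    cmdline=$1; flag=$2; shift 2
    status=PASS
    fips_cmdline_set "$cmdline" || status=FAIL
    fips_kernel_enabled "$flag" || status=FAIL
    if [ "$#" -gt 0 ]; then
        fips_packages_installed "$@" || status=FAIL
    fi
    echo "$status"
}

# Usage on a live system:
#   fips_report /proc/cmdline /proc/sys/crypto/fips_enabled <package>...
```

A system that has `fips=1` configured but reports 0 in the runtime flag fails here, which is the gap a boot-parameter-only check leaves open.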
