Hi Tim, The SIMP project automated running the SSG against test nodes using Beaker from Puppet to tie into our CI/CD process.
This is what had to happen to ensure that all derivative profiles contain all content for testing purposes. https://github.com/simp/rubygem-simp-beaker-helpers/blob/master/lib/simp/beaker_helpers/ssg.rb#L285-L293 Trevor On Thu, Aug 1, 2019 at 9:43 AM Tim Burress <[email protected]> wrote: > Hello! > I'm still learning my way around the directory tree and the build system > and have a couple of questions. For historical reasons, we typically use > CentOS on our servers, and I see that, instead of having its own product > tree, CentOS is considered a derivative of RHEL. I suppose the reasons for > that are pretty obvious, though it does create a bit of a problem when > trying to do something specific to CentOS. One question I have about the > way things are set up now, though, is that, although the XCCDF for RHEL7 > defines 12 profiles, the XCCDF for CentOS only defines 2. I've grep'ed my > way around the build system trying to figure out where the logic for that > is, but haven't had any luck. Could someone point me to the right place? > > What we want to do, ultimately, is define several new profiles that would > be applied to CentOS within our organization, depending on the risk level > of the system. The baseline for this would be close to the RHEL7 CUI > profile, with a few obvious exceptions. Given the special status of CentOS > as a derivative of RHEL, do you have any suggestions for a good way to do > that? I'm guessing we'd have to define the profiles in rhel7/profiles, but > then use some logic somewhere (nice and vague...) to apply them to CentOS > so they end up in the CentOS XCCDF and DS, but rather than trial-and-error > I thought I would just ask. > > Along the way we'll probably write some OVAL content and rules to handle > local situations and would be happy to contribute those if they would be > useful. > > Thanks! > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > -- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788 -- This account not approved for unencrypted proprietary information --
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
