On 11/26/19 9:05 AM, Kern, Thomas (CONTR) wrote:
Having the openscap tools available is great. I know that it is difficult to provide each distribution with SCAP control files to check for all compliance settings. It would be nice if there were SCAP control files for a 'Linux distribution independent' compliance scan, checking the setting of the most common compliance issues across all variations of Linux.
Has been discussed. Creating such content would be very cumbersome -- most linux distros keep things in different places (e.g. Fedora vs RHEL vs Ubuntu vs SLES), or have different implementations (AppArmor vs SELinux).
While SCAP does support if-clauses ("If SuSE, check AppArmor; elif RHEL, check SELinux") there hasn't been a development community form to take on that work. Patches welcome if someone wants to begin though!
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
