1) Change probe architecture: Currently our probe system have individual binaries for each OVAL object, making it more complex and harder to maintain/debug due to IPC, the historical reasons to this is to be able to use tailored SELinux policies for each probe, which makes sense but sadly we never implemented those policies. My proposal is to avoid having multiple binaries for Windows environments and make object collecting easier with a single probe which handles all objects. * Extra: Changing Linux to a single-probe would be interesting too, feel free to comment on this topic too!
+1 for this, I assume you are going to use native win32 api? Have you started a branch for this? I am pretty interested. Cheers, - Calvin On Fri, Feb 3, 2017 at 4:28 PM, Raphael Sanchez Prudencio < [email protected]> wrote: > Hello, > > I'm planning some effort towards Windows support for OpenSCAP and I'd > like to discuss a few topics so we can have an architecture that pleases > both users and developers. > > 1) Change probe architecture: > > Currently our probe system have individual binaries for each OVAL > object, making it more complex and harder to maintain/debug due to IPC, > the historical reasons to this is to be able to use tailored SELinux > policies for each probe, which makes sense but sadly we never > implemented those policies. My proposal is to avoid having multiple > binaries for Windows environments and make object collecting easier with > a single probe which handles all objects. > * Extra: Changing Linux to a single-probe would be interesting too, feel > free to comment on this topic too! > > > 2) Make it possible to implement/extend object collecting with Lua > > My idea here is to make it easier to implement new (custom) objects or > to extend/modify existing ones using Lua, interfacing it with all needed > underlying API for Windows probes like WMI-related objects. Also would > enable remote scan features such as making extended probes that would > report only Pass/Fail like Thin Results, which would be really > interesting for a remote scan in a big infrastructure. > Lua Virtual Machine is around 100-200kb, it would be really light and > easy to send it through the network along with Lua probes for remote > scanning with dissolvable agents which is another plus, not needing > openscap installed on target machines and deleting the agent after scan. > > > I think these are huge and audacious changes that would be more > interesting than just simply implementing Windows probes in the current > probe system as is. I'd like to hear feedback from our users, > developers, maintainers, everyone. > > > Thanks > -- > Raphael Sanchez Prudencio > Security Technologies | Red Hat, Inc. > > _______________________________________________ > Open-scap-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/open-scap-list > -- ------------------------------ Calvin Hartwell *Red Hat, Inc.* |Infrastructure Consultant - EMEA GPS Peninsular House, 30-36 Monument Street, 4th Floor, London, EC3R 8NB. *☏ Mobile:* +44 (0) 7917052881 | *✉ Email: [email protected] <[email protected]>*
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
