Hello Calvin, On 02/09/2017 01:20 PM, Calvin Hartwell wrote: > 1) Change probe architecture: > > Currently our probe system have individual binaries for each OVAL > object, making it more complex and harder to maintain/debug due to IPC, > the historical reasons to this is to be able to use tailored SELinux > policies for each probe, which makes sense but sadly we never > implemented those policies. My proposal is to avoid having multiple > binaries for Windows environments and make object collecting easier with > a single probe which handles all objects. > * Extra: Changing Linux to a single-probe would be interesting too, feel > free to comment on this topic too! > > +1 for this, I assume you are going to use native win32 api? Yes, we'll use native WIN32 API for Windows objects. > > Have you started a branch for this? I am pretty interested. I'm going to make pull request in master branch for now, but we can create a specific branch for that as well. Nice to see more people interested on this effort :) > > Cheers, > > - Calvin > > On Fri, Feb 3, 2017 at 4:28 PM, Raphael Sanchez Prudencio > <rspruden...@redhat.com <mailto:rspruden...@redhat.com>> wrote: > > Hello, > > I'm planning some effort towards Windows support for OpenSCAP and I'd > like to discuss a few topics so we can have an architecture that pleases > both users and developers. > > 1) Change probe architecture: > > Currently our probe system have individual binaries for each OVAL > object, making it more complex and harder to maintain/debug due to IPC, > the historical reasons to this is to be able to use tailored SELinux > policies for each probe, which makes sense but sadly we never > implemented those policies. My proposal is to avoid having multiple > binaries for Windows environments and make object collecting easier with > a single probe which handles all objects. > * Extra: Changing Linux to a single-probe would be interesting too, feel > free to comment on this topic too! > > > 2) Make it possible to implement/extend object collecting with Lua > > My idea here is to make it easier to implement new (custom) objects or > to extend/modify existing ones using Lua, interfacing it with all needed > underlying API for Windows probes like WMI-related objects. Also would > enable remote scan features such as making extended probes that would > report only Pass/Fail like Thin Results, which would be really > interesting for a remote scan in a big infrastructure. > Lua Virtual Machine is around 100-200kb, it would be really light and > easy to send it through the network along with Lua probes for remote > scanning with dissolvable agents which is another plus, not needing > openscap installed on target machines and deleting the agent after scan. > > > I think these are huge and audacious changes that would be more > interesting than just simply implementing Windows probes in the current > probe system as is. I'd like to hear feedback from our users, > developers, maintainers, everyone. > > > Thanks > -- > Raphael Sanchez Prudencio > Security Technologies | Red Hat, Inc. > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com <mailto:Open-scap-list@redhat.com> > https://www.redhat.com/mailman/listinfo/open-scap-list > <https://www.redhat.com/mailman/listinfo/open-scap-list> > > > > > -- > > > ------------------------------------------------------------------------ > > Calvin Hartwell > > *Red Hat, Inc.* |Infrastructure Consultant - EMEA GPS > > Peninsular House, 30-36 Monument Street, 4th Floor, London, EC3R 8NB. > > *☏ Mobile:*+44 (0) 7917052881 | *✉ Email: calvin.hartw...@redhat.com > <mailto:calvin.hartw...@redhat.com>* >
-- Raphael Sanchez Prudencio Security Technologies | Red Hat, Inc. _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
