On 07/20/2017 10:22 AM, Jan Cerny wrote: > Hi, > > 1) FreeBSD - They use a specific format, called VuXML. > We don't have support for that now. That would require to > implement parsing, evaluating and reporting in VuXML format > and also a probe to scan FreeBSD Ports. That wouldn't be a small task. > > 2) Solaris - I'm afraid that link you provided doesn't contain data > for Solaris, but it's for Oracle Linux, which is a RHEL derivative. > I don't know if they provide same thing for Solaris. If the Solaris > data exist, and they're in OVAL format as well, we would need > to implement a probe for Solaris packaging system. We don't > have any Solaris probes now. >
Solaris used to ship with OpenSCAP natively. Not sure today. I didn't get hands on solaris for years now. The patches for solaris were unfortunately never contributed back to upstream [1]. Last time I checked some of the patches were available at https://java.net/projects/solaris-userland/sources/gate/show/components/openscap However, that's now gone. The only hope for you is to ask your Solaris vendor for OpenSCAP support. Best, ~š. [1] IIRC these patches were written in a way so they removed linux support and added solaris. That wouldn't be acceptable for upstream anyway. > I don't expect we in Red Hat will work on support for FreeBSD or Solaris. > But we are willing to help people that want to contribute. > > Regards > > Jan Černý > Security Technologies | Red Hat, Inc. > > ----- Original Message ----- >> From: "Jordan Caraballo" <[email protected]> >> To: [email protected] >> Cc: [email protected] >> Sent: Wednesday, July 19, 2017 7:39:48 PM >> Subject: Re: [Open-scap] OpenSCAP support to Solaris and FreeBSD >> >> >> >> Hi Shawn, >> >> Thanks for your reply! I will start digging into them to see if I can start >> developing some patches. >> >> I apologize if these are naive questions: >> >> - CIS has some pdf benchmark files for FreeBSD. Is this a good start for >> recreating the rules to assess the system? >> >> >> - On the other hand, there are vulnerabilities files available for FreeBSD >> https://svn.freebsd.org/ports/head/security/vuxml/vuln.xml and Solaris >> http://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2 . What we >> would need is openscap and openscap-utils working on both OS's? >> >> >> - Jordan >> On 7/19/17 1:25 PM, Shawn Wells wrote: >> >> >> >> On 7/19/17 12:41 PM, Jordan Caraballo wrote: >> >> >> >> Hi guys, >> >> Are there any future or ongoing plans to support Solaris and FreeBSD >> operating systems? >> >> Both to run OpenSCAP and to have compliance files from the >> SCAP-Security-Guide. >> There were 1-2 people from Oracle interested in porting OpenSCAP to >> Solaris. Not sure what happened to that interest. Nobody has mentioned >> FreeBSD before (that I know about). >> >> On the SSG side, there's no specific effort. Patches welcome if you'd be >> interested in this. >> ~š. _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
