Hi Bruno,

this is awesome.

However, as Bill pointed out, AppArmor support was added to the OVAL standard
in version 5.11.2.

If you remove the schema changes of 5.11.0 it would be better.
We already have 5.11.2 schemas in the repository, so it should be enough
to change the version in your OVAL files.
I think we shouldn't add any custom extensions to the schemas in the schemas/oval
directory in the OpenSCAP repository. One of the use-cases of oscap is to
verify whether the content complies with the OVAL standard, which would be
broken with the patch :-)

Also, since the AppArmor probe is in the Linux namespace, I don't see a need to
create any new options in ./configure. The probes aren't Red Hat specific.
For example, we have the DPKG info probe, which is used only on Ubuntu and Debian,
and we don't have a special option for that. It just doesn't compile the probe
binary on RHEL/Fedora. I think the AppArmor probe is a similar case.

Overall, I think that there is a very high chance of including the probe in
upstream.
I'm looking forward to your contributions.

Regards

Jan Černý
Security Technologies | Red Hat, Inc.




----- Original Message -----
> From: "William Munyan" <william.mun...@cisecurity.org>
> To: "Bruno Ducrot" <br...@poupinou.org>, open-scap-list@redhat.com
> Sent: Monday, September 11, 2017 2:59:10 PM
> Subject: Re: [Open-scap] Implementation for an AppArmor probe.
> 
> 
> 
> Bruno,
> 
> Support for the apparmor test construct was put into the mainstream Linux
> schema as of the OVAL 5.11.2 release. The 5.11.2 schemas can be found here -
> https://github.com/OVALProject/Language/tree/master/schemas
> 
> 
> 
> As for sample content that wouldn’t necessarily be under the scrutiny of a
> CIS membership or bundles with CIS-CAT, I can probably find you some.
> 
> 
> 
> Cheers,
> 
> -Bill M.
> 
> Bill Munyan
> Technical Product Executive; Security Controls & Automation
> 31 Tech Valley Drive
> East Greenbush, NY 12061
> william.mun...@cisecurity.org
> 518 880-0690
> 518 466-1160 (cell)
> 
> From: open-scap-list-boun...@redhat.com
> [mailto:open-scap-list-boun...@redhat.com] On Behalf Of Bruno Ducrot
> Sent: Monday, September 11, 2017 8:49 AM
> To: open-scap-list@redhat.com
> Subject: [Open-scap] Implementation for an AppArmor probe.
> 
> Hi,
> 
> I'm currently working on a probe for AppArmor, which, I think, could be
> useful for Ubuntu and Suse systems. The patch can be found here :
> 
> http://poupinou.org/SCAP/openscap-apparmor-1.2.15.diff
> 
> It's actually the same kind of probe (the suse:apparmorstatus thing) that
> can be found in CIS-CAT.
> 
> I think the only stuff that needs to be done is to implement some unit
> tests stuff. Ah, and only OVAL 5.11 for now.
> 
> 
> I do have some concerns though :
> 
> 1- I have to provide a file found in CIS-CAT for the OVAL schema.
> 
> I think it's ok, though, since the header contains :
> xmlns:suse="http://oval.mitre.org/XMLSchema/oval-definitions-5#suse"
> 
> I'm not sure however that I do have the right for redistributing this
> schema.
> 
> 2- This also introduces another NS, namely 'suse'. I think it's
> overkill somewhat, and, IMHO, this should go under linux.
> 
> 3- Lastly, I'm wondering if there will be a chance this probe will go
> mainstream.
> 
> 
> Cheers,
> 
> --
> Bruno Ducrot
> 
> -- Which is worse: ignorance or apathy?
> -- Don't know. Don't care.
> 
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list@redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
> 

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
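
The schema version and namespace points raised in this thread can be checked mechanically before OVAL content is submitted. The script below is an added example, not part of the original thread or of OpenSCAP; the `apparmorstatus_*` element names, the function names and the two sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

COMMON_NS = "http://oval.mitre.org/XMLSchema/oval-common-5"
DEFS_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
LINUX_NS = DEFS_NS + "#linux"
MIN_VERSION = (5, 11, 2)  # release that added AppArmor support, per the thread

# Constructed sample: custom 'suse' namespace with a 5.11 version declaration.
SAMPLE_CUSTOM = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:suse="http://oval.mitre.org/XMLSchema/oval-definitions-5#suse">
  <generator><oval:schema_version>5.11</oval:schema_version></generator>
  <tests><suse:apparmorstatus_test id="oval:example:tst:1" version="1" check="all"/></tests>
</oval_definitions>"""
# Constructed sample: the same content moved to the linux namespace and 5.11.2.
SAMPLE_STANDARD = SAMPLE_CUSTOM.replace("suse", "linux").replace(">5.11<", ">5.11.2<")


def parse_version(text):
    """Turn '5.11.2' into (5, 11, 2); '5.11' becomes (5, 11, 0); drops a ':x.y' suffix."""
    parts = [int(p) for p in text.strip().split(":")[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def check_apparmor_content(xml_text):
    """Return the problems that would keep this content off the standard schemas."""
    root = ET.fromstring(xml_text)
    problems = []
    declared = root.findtext(f"{{{DEFS_NS}}}generator/{{{COMMON_NS}}}schema_version")
    if declared is None:
        problems.append("generator has no schema_version")
    elif parse_version(declared) < MIN_VERSION:
        problems.append(f"schema_version {declared.strip()} predates 5.11.2")
    for elem in root.iter():
        if not elem.tag.startswith("{"):
            continue  # element without a namespace
        ns, _, local = elem.tag[1:].partition("}")
        if local.startswith("apparmorstatus_") and ns != LINUX_NS:
            problems.append(f"{local} is in namespace {ns}, not {LINUX_NS}")
    return problems


if __name__ == "__main__":
    for name, doc in (("custom", SAMPLE_CUSTOM), ("standard", SAMPLE_STANDARD)):
        print(name, check_apparmor_content(doc) or "ok")
```
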
