Hey Shawn, I’ll add to Steve’s point that if there is not current OVAL support for the constructs you need, then the new OVAL tests/objects/states/items would need to be created in either a new OVAL schema or (more likely) as additions to the existing Linux schema. Once created a proposal can be made to the OVAL language team through an issue and pull request to the official OVAL Language GitHub<https://github.com/OVAL-Community/OVAL>. The newly released proposal process can be found here<https://oval-community-guidelines.readthedocs.io/en/latest/proposal-process/index.html>.
Once proposed, the OVAL community can provide feedback and implementations to prove the concept and progress the proposal along towards adoption. Ultimately, the area supervisor for the Linux schemas will need to be involved as well. The supervisor for Linux is currently Simon Lukasik. I’m happy to help out with any schema development, and potential implementation of proposed updates as well (although I’ll freely admit negligible knowledge of OpenShift). The language governance, proposal and adoption process are all recently “released” so if you find yourself needing help with the process, don’t hesitate to reach out. Cheers, -Bill M. Bill Munyan Solutions Architect; Security Best Practices 31 Tech Valley Drive East Greenbush, NY 12061 william.mun...@cisecurity.org<mailto:william.mun...@cisecurity.org> 518 466-1160 (cell) [CIS_WEB_Logo_Type_RGB_Flat]<https://www.cisecurity.org/> [CIS Email Icons 01_23-02] <https://www.facebook.com/CenterforIntSec> [CIS Email Icons 01_23-03] <https://twitter.com/CISecurity> [CIS Email Icons 01_23-04] <https://www.youtube.com/user/TheCISecurity> [CIS Email Icons 01_23-05] <https://www.linkedin.com/company/the-center-for-internet-security> From: open-scap-list-boun...@redhat.com <open-scap-list-boun...@redhat.com> On Behalf Of Steve Grubb Sent: Monday, February 4, 2019 1:16 PM To: Shawn Wells <sh...@redhat.com> Cc: open-scap-list@redhat.com Subject: Re: [Open-scap] When to expect OVAL probes for OpenShift? On Mon, 4 Feb 2019 12:11:32 -0500 Shawn Wells <sh...@redhat.com<mailto:sh...@redhat.com>> wrote: > On 2/4/19 6:08 PM, Steve Grubb wrote: > > On Mon, 4 Feb 2019 11:06:00 -0500 > > Shawn Wells<sh...@redhat.com<mailto:sh...@redhat.com>> wrote: > > > >> When can OpenSCAP probes be expected for OpenShift? > > > Are you talking about new OVAL tests? > > Probes so that OVAL tests could be created. Akin to the systemd > probes. OK. I think we are mismatching terminology here. OVAL defines tests and states. OpnSCAP, an implementation, chooses to convert the required test into a probe. This is an implementation detail. So, the first thing is, do we need a new OVAL test? If so, why does no other test currently work? What is the file format? You will need to state this to someone that is on the OVAL editorial board. They will need to propose the changes to the language and get it reviewed and approved. This could take a little time. -Steve _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com<mailto:Open-scap-list@redhat.com> https://www.redhat.com/mailman/listinfo/open-scap-list<https://www.redhat.com/mailman/listinfo/open-scap-list> ..... This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments. . . . . .
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
