Hi Leam, That’s a good question. Something I would also like to know. I am not as familiar with the Aqueduct project and certainly open to leveraging any and all remediation capabilities it offers. My take on the SSG content as it relates to remediation is to hold the authoritative desired state. Meaning XCCDF contains values for a fix tool for remediation. The way I see it bash scripting is one way of doing this. I’d like to see other methods such as puppet and alike to be able to use XCCDF as a source for fix values.
It would be great to build on bash scripting and expand on to other methods. Thanks. -ln From: [email protected] [mailto:[email protected]] On Behalf Of leam hall Sent: Friday, December 13, 2013 8:10 AM To: [email protected] Subject: Re: SSG Kickoff: RHEL7 Content What is SSG doing for script based remediation that Aqueduct isn't? Leam On Fri, Dec 13, 2013 at 7:27 AM, Nunez, Luis K <[email protected]> wrote: Hi Shawn, Can we also add to the agenda Remediation? I think this a good time to reflect on some of remediation content and capabilities with SSG moving forward. Thanks. -ln -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Steve Grubb Sent: Thursday, December 12, 2013 4:45 PM To: [email protected] Cc: Shawn Wells Subject: Re: SSG Kickoff: RHEL7 Content On Thursday, December 12, 2013 04:27:15 PM Shawn Wells wrote: > RHEL7 beta has been released, time to start on SSG content! > > Goals of this call: > - Quickly overview Red Hat's RHEL7 STIG intent > - Identify required steps to port SSG from RHEL6 -> RHEL7 > - Form initial work breakdown structure, assign "task leads" > - What OVAL standards will be needed? e.g. systemctl vs init, firewalld, etc > - RHEL6 STIG community feedback: What worked? What should be dropped? Everyone please note...some standards work will be required to get final RHEL7 content. This is because the move to systemd will make runlevel_test obsolete. These tests can be commented out until OVAL 5.11 is final. -Steve _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide -- Mind on a Mission <http://leamhall.blogspot.com/>
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
