Thanks for the pointer to 'standard_profiles'. That plus adding a line to 
CMakeLists.txt seems to have done the trick, so I've been able to add a new 
profile to RHEL7 and can now check it versus CentOS 7, exactly as everybody 
described. Given that, it seems like breaking CentOS out of RHEL7 might, as has 
been pointed out, result in more duplication than it's worth. It was just hard 
to get started.

FWIW we don't use the profiles in order to qualify for a particular "official" 
seal of approval, but just as a way to develop, measure, and in some cases 
enforce consistent security configuration guidelines across all the systems 
that we maintain. So what I did was start with the RHEL7 OSPP profile, then add 
(and occasionally delete) rules as needed. Right now the big challenge is 
trying to understand the mindset needed to craft OVAL content. It's certainly 
not like any programming language I've ever used!

We've also just started using GitLab, so I am very happy to see that people are 
integrating SCAP tests into their CI pipelines. No doubt I'll be back with 
questions about that once our developers get more familiar with GitLab.

Thanks!
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
