Unfortunately, no. They will probably be updated and released next year due
to covid and backlogs and such.
On Wed, Dec 2, 2020 at 1:33 PM Todd, Charles wrote:
> Or the FIPS 140-2/3 and CC certifications? They seem to be stuck in limbo
> too.
>
>
>
> Charlie Todd
>
> Ball Aerospace &
Looks good. I assume that this is going to be in addition to and not a
replacement of the existing template? Having more than one issue template
that GH creates a menu for you to choose is kinda nice.
On Fri, Nov 6, 2020 at 8:54 AM Vojtech Polasek wrote:
> Hello all,
> I would like to propose a
On Thu, Aug 13, 2020 at 1:34 AM Watson Sato wrote:
>
>
> On Wed, Aug 12, 2020 at 1:40 AM Gabe Alford wrote:
>
>>
>>
>> On Tue, Aug 11, 2020 at 6:00 AM Watson Sato wrote:
>>
>>>
>>>
>>> On Tue, Aug 11, 2020 at 1:24 AM Shane Boulden
and increases
> requirements on the codeowners.
>
I actually really like this idea of using codeowners to track profile
maintainers and think it is a more elegant solution than keeping track in
the profile.
>
>
>> On Mon, Aug 10, 2020 at 8:18 PM Matej Tyc wrote:
>>
>
Anything that is metadata should conform to the Dublin Core per the XCCDF
specification for the .profile files, or it can be a commented out section
at the top of the .profile.
Alternatively, a single file like maintainers or profile maintainers would
be better as a single source of truth.
On Wed, Jul 29, 2020 at 10:56 AM Matej Tyc wrote:
> The PR https://github.com/ComplianceAsCode/content/pull/5606 introduced
> a large number of changes that may break patches, but those changes were
> much needed in the project. So I think that we should use this
> opportunity to introduce more
bios is an interesting idea. Currently, we do not check for the
> grub.cfg file in case of UEFI, at least not in this template.
>
This is a bug that we should fix quickly since it affects all our grub
checks.
> Vojta
>
> Dne 20. 07. 20 v
On Wed, Jul 15, 2020 at 2:28 AM Andy Coates wrote:
> Hi All,
>
> First I'm jumping in the deep end with this - I've only just discovered
> the ComplianceAsCode/content repo and whilst loving the design and
> flexibility, as a newbie it is very daunting to ingest how all the rules
> are generated
No. Go right on and create them. The AppArmor checks should definitely be
under their own directory.
Thanks!
On Tue, Jun 9, 2020 at 9:23 AM Jon Thompson wrote:
> Is there any objection to developing AppArmor checks for those OS that use
> it? If so, would they exist in their own folder like
NACK.
If you would like to work on real policy evaluation, there are projects
that we can hook you up with.
There is a lot more to policy evaluation than what this proposal is and
incorporates more work than the
members of this project have time for. This problem is being worked on in
other
Containers are changing from where we originally thought certain practices
were going to hold true. These ideas and practices no longer hold true.
Kernel modules are going to start to be installed, delivered, and
configured through containers (delivered by Red Hat). SSH servers are now
running in
There definitely needs to be more information as there is moderate, high,
and those like DHS5300A that select everything. CUI 800-171 is a subset of
800-53.
As rehashed over and over again, CentOS will never meet 800-53 or 800-171
requirements. It is not meant to. There is and won't be a USGCB or
Originally, these rules were only written for cdrom with the guidance never
changing to handle other devices even though it reads like they do handle
other devices.
You are correct in that the rules are to check for all types of
removable devices. They were just never updated to fully address all
Hello,
Currently for references (STIGID, NIST, CUI, etc.) in our yaml content, we
use a form of shortening
the reference for STIGID and CCI e.g.
For CCI, we do something like the following:
```
disa: 2165,2696
```
For STIGID, we do something like the following:
```
stigid: "020210"
```
This
It's a good idea to focus on the RHCOS content first as that should be the
priority first.
Since Kubernetes is the orchestration engine for worker nodes, RHEL content
should exist under the OCP product as Kubernetes will manage everything.
Just like the CoreOS content is done right now.
On
Are they modules default in Puppet or are they custom or downloaded
separately? If they are default in a standard Puppet install, it should be
no problem as that is what we do with Ansible tasks.
On Mon, Feb 17, 2020 at 2:58 PM Trevor Vaughan
wrote:
> I was looking to update the Puppet
Not fully true. The intent is such, but the code does more than just
containers. Setting ansible_virtualization_role != "guest" applies to
virtual machines AND any undefined container technology that Ansible facts
do not understand or know about.
On Wed, Feb 12, 2020 at 3:33 AM Jan Cerny wrote:
ansible_virtualization_role != "guest" should never have been added as all
of the rules of a physical machine apply to a virtual machine.
However, keeping `ansible_virtualization_type != "docker"` makes sense
because many of the controls don't make sense for containers themselves.
There is a bug open
Considering the amount of content that needs to be updated for new releases
of STIG and replacement of authconfig, updates to pam checks, etc. I would
consider this a very low priority at this time.
On Wed, Dec 18, 2019 at 9:18 AM Matěj Týč wrote:
> ...
>
> Alternatively, many the rules are
IIRC the ENS standard uses ISO 27001 which CentOS doesn't meet. In addition
if ISO/IEC 15408 is applied against ENS, CentOS does not meet this in any
way.
On Tue, Dec 10, 2019 at 3:33 AM Kuko Armas wrote:
>
> Hello, I'm starting to take a look at the SSG content repo in github, and
> I tried to
On Thu, Nov 14, 2019 at 1:30 PM Trevor Vaughan
wrote:
> Ilya,
>
> Could you link to the specific sections please?
>
> In my opinion, SSSD should be completely removed if not utilized and the
> LOCAL provider should never be configured since it allows you to
> effectively hide accounts from
On Thu, Nov 14, 2019 at 12:12 PM Ilya Okomin wrote:
> Hello experts!
>
> I've noticed SSSD configuration rules implemented without verification
> if SSSD package/service installed/enabled. To be added, remediation part
> doesn't install sssd in case it is missing on the system, thus fix
>
On Fri, Nov 1, 2019 at 10:46 AM Trevor Vaughan
wrote:
> I don't see a reason to remove the rule in general but:
>
> 1) Having the telnet *client* present isn't really a big deal if you have
> pretty much any scripting language, or modern SSH that allows the NULL
> cipher
>
IIRC as of one of the
On Fri, Oct 11, 2019 at 12:25 PM Chuck Atkins
wrote:
>
>
>> FIPS certification is more than just turning on ciphers,
>>
>
> For sure, I'm not arguing that point at all.
>
>
>> but doing so only does the technical part, but it’s not the whole chain.
>>
>
> So, that's what the rules in question
Are the checks manual checks and can't be automated through SCAP?
On Fri, Oct 11, 2019 at 3:26 PM wrote:
> This may be the wrong place to ask this, but I've been looking at this for
> hours and was hoping someone could either explain what I'm seeing or point
> to someplace that I can ask.
>
>
On Tue, Sep 17, 2019 at 1:50 PM Sanders, Robert
wrote:
> Hello all,
>
> Is there any way to load a set of customizations into scap-workbench,
> make some additional tweaks, and then output *only* the customizations
> themselves (old + new changes)? Every time I’ve tried to do this I wind up
>
The project discussed this several years ago as well as adding LTS branches
but ultimately decided against it due to the maintenance costs and burdens
placed on owners.
Not sure what has changed since security is always changing and evolving.
> I have so many commits I have yet to get committed
Actually it is more than that. RHEL certifications including profiles that
go through certification do not apply to CentOS and actually do not flow
down from RHEL to CentOS.
CentOS fails to meet certification requirements in the areas of
cryptography and now in secure software supply chain which
On Wed, Apr 17, 2019 at 11:48 AM Alexander Bergmann
wrote:
> Hi everyone,
>
> I have a question about the rules execution order. From my testing the
> execution order is simply the rule order inside a group of a benchmark.
> It looks like the order simply depends on the directory structure of
>
?
On Fri, Apr 5, 2019 at 4:22 PM Shawn Wells wrote:
>
> On 4/5/19 6:14 PM, Gabe Alford wrote:
> > Personally, I don't see the benefit of these errors that are
> > mentioned, and they should be removed.
>
>
> Imagine if you're a developer making a profile and it's not appearin
Personally, I don't see the benefit of these errors that are mentioned, and
they should be removed.
On Fri, Apr 5, 2019 at 3:49 PM Shawn Wells wrote:
>
> On 4/5/19 7:16 AM, Watson Sato wrote:
>
>
>
> On Wed, Apr 3, 2019 at 4:49 PM Shawn Wells wrote:
>
>> When building off master, I receive the
In each profile, you could set `documentation_complete` to `False` except
for the profile that you want to build.
However, there will still be some content that gets added because it
applies to all products.
But outside of filesize, why are you wanting to remove content that is
tailorable and
Because they are separate rules, they should be separate remediations.
Of course if the upstream faillock BZ [1] was prioritized and dealt with
sooner,
we probably wouldn't necessarily be having this discussion.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1537242
On Tue, Feb 12, 2019 at
On Wed, Jan 9, 2019 at 9:09 AM Watson Sato wrote:
>
>
> On Wed, Jan 9, 2019 at 3:28 AM Shawn Wells wrote:
>
>>
>> On 1/8/19 1:39 PM, Gabe Alford wrote:
>>
>> On Tue, Jan 8, 2019 at 7:08 AM Watson Sato wrote:
>>
>>>
>>>
On Tue, Jan 8, 2019 at 7:08 AM Watson Sato wrote:
>
>
> On Tue, Jan 8, 2019 at 2:57 PM Trevor Vaughan
> wrote:
>
>> Personally, I think that anything marked as %config should not be checked
>> because they are allowed to vary anyway.
>>
>
> I'm leaning towards ignoring config files in OVAL
irst place?
>
>
> I can't be the only person in this boat. What are others doing?
>
> Wonder if this is something that could be incorporated into Security
> Central?
>
> /me glances at @Gabe Alford
>
___
scap-security-guid
This would be a great RFE to file upstream as well as with Red Hat for
SCAP-workbench to support this workflow.
Gabe
On Tuesday, November 27, 2018, James Ralston wrote:
> I apologize if this is a little off-topic for this list, but a
> question: what are others who use STIG Viewer planning to
those could be used
>> to compare a running system against the certification report.
>>
>> Yes, I also understand that sometimes the desire is to be able to show
>> that CentOS or Fedora is NOT FIPS certified versus RHEL. Of course, that
>> assumes that the RHEL you
Outside of going to
https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search
and clicking `search` with empty search parameters, don't know of anything.
On Mon, Oct 29, 2018 at 1:33 PM Trevor Vaughan
wrote:
> Hi All,
>
> Does anyone know of a project that
The scan fails because permissions should be 0640 for the private key. If
they are not set to 0640, this prevents sshd from generating keys.
On Thu, Sep 20, 2018 at 8:40 AM, Dushyant Uge wrote:
> Hello Team,
>
> One of our customer raised concern that --
> The rule going wrong are:
>
CIS Benchmark requires the auditing of /var/lib/docker for this reason
which might be the simplest answer to handling these cases.
On Tue, Sep 4, 2018 at 7:06 AM, Steve Grubb wrote:
> On Monday, September 3, 2018 12:01:11 PM EDT Matus Marhefka wrote:
> > Hello,
> >
> > I would discuss this with
If you want to submit a PR with putting Inspection content under
shared/checks/inspec, that would be great. We can then look at the content
and determine what needs to be done.
On Wednesday, June 20, 2018, Trevor Vaughan wrote:
> I'd like to contribute the checks (they're not remediations) but
The SSG python modules are currently going through a refactoring, so build
failures are currently possible on master. Building SSG on Windows will
soon be possible as well.
On Friday, June 22, 2018, Trevor Vaughan wrote:
> The last tag is just fine.
>
> I've changed my code to only use the last
Yes, version 0.1.36 has been released.
On Fri, Apr 20, 2018 at 11:10 AM, Dushyant Uge wrote:
> Hello,
>
> I checked RHEL7.5 has been released now.
>
> My question --
>
> Is SCAP Security Guide 0.1.36 released with RHEL7.5?
>
>
> Thanks & Regards,
> Dushyant Uge
>
> On Tue, Apr
Fen,
There is an RFE open in OpenSCAP for this very thing at
https://github.com/OpenSCAP/openscap/issues/633
Outside of tailoring a profile, nothing super easy from the OpenSCAP side
of the house.
Gabe
On Thu, Mar 1, 2018 at 8:59 PM, Fen Labalme
wrote:
> The
Awesome Fen! Can you provide insight into your usage of Graylog instead of
ELK or EFK?
On Thu, Feb 1, 2018 at 3:37 PM, Fen Labalme
wrote:
> Would love some XSLT files for parsing the XML files nicely (I've been
> wanting this, but am not an XSLT sorta guy). If the
A couple of things to think about as we move towards the idea of Compliance
As Code and a
central CLI/WebUI.
1. We are moving away from authoring content in XML and towards a YAML
style format which
was shown at Defense in Depth last year. Many people were smiling and
liking the idea.
Chuck,
I completely understand your frustrations. SSG is evolving to handle
different types of remediation languages for consumption by environments
that may use different remediation technologies like puppet, ansible, etc.
besides just bash.
By default, oscap does only bash remediations. One of
On Thu, Nov 16, 2017 at 8:49 AM, Olivier BONHOMME
wrote:
> On Wed, Nov 15, 2017 at 05:52:35PM +0100, Watson Yuuma Sato wrote:
> > On 15/11/17 13:15, Olivier BONHOMME wrote:
> > > Dear OpenScap community,
> > >
> > > I'm currently working for my company on checking the RHEL 7
I *think* that this is actually expected behavior if you have
clean_requirements_on_remove enabled.
On Thu, Oct 26, 2017 at 11:23 AM, Shawn Wells <sh...@redhat.com> wrote:
>
>
> On 10/26/17 1:11 PM, Gabe Alford wrote:
> > Should be able to install with:
> >
> &
Should be able to install with:
$ sudo yum install xml-common
and I believe that it is included in the base repo.
It has actually always been required as it provides `/usr/share/xml`
On Thu, Oct 26, 2017 at 10:55 AM, Shawn Wells wrote:
> Attempting to install RPM, receive
On Mon, Oct 9, 2017 at 2:14 PM, Shawn Wells wrote:
>
>
> On 10/9/17 1:19 PM, Wesley Ceraso Prudencio wrote:
>
> Hi all,
>
> I noticed something strange in the information we have about the STIG
> Profiles. The problem is that what we internally refer as "Stig ID" is
>
I say we keep bash scripts as other distros will probably need them. Plus,
I would think that we would want to handle environments where ansible will
never be used.
On Tue, Aug 1, 2017 at 5:20 PM, Shawn Wells wrote:
> RHEL 7.4 is out! That means we can now be public on how
Were the rules that you added inside the elements rather than just
appended to the bottom of the file?
> The SSG can be installed by using `yum install
scap-security-guide` as a root user
Use yum install scap-security-guide or yum install
scap-security-guide here.
Gabe
On Wed, Jun 21, 2017
On Fri, Mar 24, 2017 at 12:20 PM, Shawn Wells wrote:
> We currently use "xccdf_org.ssgproject" -- should this be changed to
> "xccdf_io.openscap" or "xccdf_org.open-scap"?
>
> Has been bugging me for awhile.
>
> For downstream, should we use xccdf_com.redhat?
>
+1, please do!
Can you provide the HTML output at all? Also permissions of /boot/grub2 and
grub.cfg? What superusers do you have configured?
On Thursday, March 23, 2017, Albert Roberson wrote:
> I hope it is obvious that I meant to type that I am logged in as "root"
> when i run the scan.
I'm all for simplifying SSG; however, the roadblocks that Shawn has listed
cannot be understated. How would environments using puppet or ansible or
bash or work with Inspect especially as Inspect
appears to be more of a Chef component? Moving away from a defined standard
SCAP (for better or for
On Mon, Mar 20, 2017 at 12:44 PM, wrote:
> There are several items that are showing failures in spite of remediation.
> Where is the best place to search/file findings such as these. As an
> example, the scan fails even though the boot loader password is enabled and
> the
On Thu, Feb 23, 2017 at 1:48 PM, Shawn Wells wrote:
> Went to give a demo of SSG this morning - and noticed the HTML tables
> are no longer in RHEL/7/output/*.
>
> Where did the HTML tables go? I can't find any documentation on the new
> build flags.
>
I believe that they are
Hello,
Both the DISA SRGs and STIGIDs are added to the applicable RHEL/7 content.
You can verify this by either `grep -rni 'stigid\|srg' RHEL/7/input/xccdf`,
or `grep 'SRG\|RHEL-07' ssg-rhel7-xccdf.xml`
Also, when a report is generated with the oscap --report option, the SRG
and STIGID
On Fri, Sep 30, 2016 at 2:19 AM, wrote:
> Hello,
>
> I am trying to test how new rules can be added to SUSE. I could not find
> any documentation so this is what I have done so far:
>
> 1) Added a new file input/xccdf/system/permissions/files.xml with a
> couple of rules to
On Wed, Aug 3, 2016 at 6:40 AM, Steve Grubb wrote:
> On Wednesday, August 3, 2016 7:17:15 AM EDT Jan Lieskovsky wrote:
> > Hello,
> >
> > please see downstream report:
> > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1357620
> >
> > In short the reason for the failure
On Tue, Jul 26, 2016 at 3:24 PM, Martin Preisler
wrote:
> I found pretty bad inefficiencies in some of our XSLTs.
>
> Check out
> https://github.com/OpenSCAP/openscap/commit/a65bf27dec4a93e2b87cec8cbcd80bec4fd2328a
> or
>
Hello Phil,
It is nothing to be concerned about. Basically, the warning message is
letting you know that the OpenSCAP scan cannot download the latest CVE OVAL
file from redhat.com which makes sense as the system cannot access the
internet.
Thanks,
Gabe
On Mon, Jul 11, 2016 at 12:59 PM,
Hello Radzy,
> I'm trying to figure out how to go about investigating why "notapplicable"
> is returned. Mostly, I'm working with a new directory for WR Linux.
Are you saying that all checks return "notapplicable" when you run a scan?
Or are you saying that you created a custom OVAL and the
On Fri, Jun 24, 2016 at 10:19 AM, Shawn Wells wrote:
>
>
> On 6/24/16 12:16 PM, Jan Lieskovsky wrote:
>
>> Hello folks,
>>
>>so there are these SSG "feature milestones" on GitHub:
>>* Infrastructure Enhancements and Fixes
>> (
>>
om /etc/passwd that have UID greater or equal
> to 500 without using password_object? I have been trying to do this for
> many days now without any luck.
>
> Thanks for your time
>
> --
> Rodolfo Martínez
>
> On Tue, Jun 7, 2016 at 1:03 PM, Gabe Alford <redhatri...@gmail.co
Hello Rodolfo,
I just did a quick glance as I currently don't have the cycles to look into
this but the "state_at_system_accounts_at_allow_uid" exclude filter is
where this is not working. It is not filtering UIDs greater than 1 or 500
for that matter.
Specifically this subexpression is what is
Just curious but would a `yum reinstall` work?
On Tue, Nov 24, 2015 at 11:52 AM, Shawn Wells wrote:
>
>
> On 11/24/15 1:32 PM, Shawn Wells wrote:
>
>> Running on RHEL 7.2, receiving "No definition with ID: " errors.
>> Known issue?
>>
>>
>>
>>
>> # cat /etc/redhat-release
Here are some old threads that discussed this that *I think* (should say
vaguely remember) moved to usage of Firewalld over the IPTables services.
https://lists.fedorahosted.org/pipermail/scap-security-guide/2014-October/006214.html
On Tue, Aug 4, 2015 at 8:43 AM, Shawn Wells sh...@redhat.com wrote:
On 7/30/15 5:57 PM, Bond Masuda wrote:
Ok. I guess I will need to learn how to write OVAL and XCCDF content
Writing SCAP isn't the only way to contribute :)
If you can create guidance (just text) for a tool, people
This is true. Most likely the same for Scientific Linux. Would you mind
opening a ticket on github?
On Thu, Jul 30, 2015 at 2:40 PM, Bond Masuda bond.mas...@hexadiam.com
wrote:
For rule id: ensure_redhat_gpgkey_installed, it appears to be looking
for
On Wednesday, July 8, 2015, Shawn Wells sh...@redhat.com wrote:
On 7/8/15 7:41 AM, Martin Preisler wrote:
I wrote a small blog post about a new feature in SSG 0.1.24 -
building one HTML guide for each profile we ship and providing
a convenient switcher.
Bond,
Try running the following:
# oscap xccdf eval --profile stig-rhel6-server-upstream \
--results /tmp/`hostname`-ssg-results.xml \
--report /tmp/`hostname`-ssg-results.html \
--cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
Hey Bond,
As of SCAP Security Guide release 0.1.23, CentOS content is now available
(any older version will require tweaking). See the announcement here:
https://lists.fedorahosted.org/pipermail/scap-security-guide/2015-June/006462.html
You can download and build the SSG content from
Greg,
I don't think that it should be too much of a problem migrating the
profiles. See https://github.com/OpenSCAP/scap-security-guide/pull/550 for
an example.
Gabe
On Thu, May 7, 2015 at 10:42 AM, Greg Elin grege...@gitmachines.com wrote:
Fend and I are looking at moving a client from AWS
Branching is not a bad idea. We could also develop platform build code that
could handle specific version/os use cases as another option.
Gabe
On Wed, Apr 22, 2015 at 7:00 AM, Steve Grubb sgr...@redhat.com wrote:
On Wednesday, April 22, 2015 10:50:36 AM Šimon Lukašík wrote:
And here comes
On Thu, Apr 9, 2015 at 8:04 AM, Trey Henefield trey.henefi...@ultra-ats.com
wrote:
Thank you everyone for the responses!
I completely agree with the benefits of the shared directory. That really
wasn't so much my concern, but rather a better way of utilizing it.
As Jan pointed out, I am
:
scap-security-guide-boun...@lists.fedorahosted.org] *On Behalf Of *Gabe
Alford
*Sent:* Thursday, April 09, 2015 9:59 AM
*To:* SCAP Security Guide
*Subject:* Re: Shared Checks/Fixes ...
On Thu, Apr 9, 2015 at 8:04 AM, Trey Henefield
trey.henefi...@ultra-ats.com wrote:
Thank you everyone
I agree with Greg about providing more detail. I am especially curious
about the multiple filesystems and version control systems.
The (shared/oval) and (shared/fixes/bash) are for checks and fixes that
span multiple OS versions (App versions can be used as well if needed). Not
all the checks and
On Fri, Mar 20, 2015 at 10:56 AM, Shawn Wells sh...@redhat.com wrote:
On 3/20/15 9:23 AM, Gabe Alford wrote:
Depends on how agnostic the content is.
It would just be primarily for the RHEL/Fedora products and derivatives
i.e CentOS, etc.
Makes sense to drop into existing directories
/Ubuntu in addition to RHEL,
so made sense for its own tree.
--
Shawn Wells
Director, Innovation Programs
sh...@redhat.com | 443.534.0130
@shawndwells
On Mar 20, 2015, at 9:01 AM, Gabe Alford redhatri...@gmail.com wrote:
Sorry user keyboard error.
I am currently in the midst of securing
. but for BIND and HTTP, or
should the XCCDF be added to RHEL/6/input/services/dns.xml and
RHEL/6/input/services/http.xml?
Thanks,
Gabe
On Fri, Mar 20, 2015 at 6:57 AM, Gabe Alford redhatri...@gmail.com wrote:
Hello,
I am currently in the midst of securing some of my systems
Hello,
I am currently in the midst of securing some of my systems with the
BIND and HTTP STIGs, and
--
SCAP Security Guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
Here is a man page that seems to explain it for systems running systemd:
http://www.freedesktop.org/software/systemd/man/sysctl.d.html
Gabe
On Mon, Feb 2, 2015 at 7:05 AM, Trevor Vaughan tvaug...@onyxpoint.com
wrote:
That's a really good question.
If it's implemented in the same way as
...@linqhost.nl wrote:
Because we would like to have 2 different issue files (different
content):
tty and ssh.
But guess I have to make a patch then for internal use :-)
- Gerwin
On 01/21/2015 04:02 PM, Gabe Alford wrote:
Just read this thread.
I may be missing something here, but why
Really like the new feature! One thing is how do I remove a waiver, e.g.
what if I accidentally add a waiver to the wrong rule?
Gabe
On Wed, Nov 12, 2014 at 9:36 AM, Martin Preisler mprei...@redhat.com
wrote:
- Original Message -
From: Shawn Wells sh...@redhat.com
To: Martin
Thanks all! Very helpful.
Gabe
On Thu, Oct 30, 2014 at 7:57 PM, Shawn Wells sh...@redhat.com wrote:
On 10/29/14, 4:50 PM, Gabe Alford wrote:
I wanted to ask if anyone is using RHEV at all especially in
an IC/DoD environment. Has it been approved? Secured? What issues
Hello list,
I wanted to ask if anyone is using RHEV at all especially in an
IC/DoD environment. Has it been approved? Secured? What issues are there?
Thanks,
Gabe
On Fri, Oct 3, 2014 at 5:08 PM, Shawn Wells sh...@redhat.com wrote:
On 10/3/14, 3:31 PM, Crawford, Nicholas P CTR USARMY CERDEC (US) wrote:
Greetings,
I had a couple of questions about the direction the RHEL 7 SSG will be
going;
Particularly with the below new subsystems in
Depends on the project (which those projects may/may not be doing it
right).
Katello a README (
https://git.fedorahosted.org/cgit/katello.git/tree/README.md).
FreeIPA and SSSD use a README (
https://git.fedorahosted.org/cgit/freeipa.git/tree/README) and BUILD.txt (
Hello,
I have added a wiki page for contributing on GitHub for our
project here
https://github.com/OpenSCAP/scap-security-guide/wiki/Contributing. Please
let me know what you think and what needs to be added/deleted. If the
fedorahosted wiki is what needs to be updated and used for a
Having pull requests merged against the existing baseline would be huge
as well, especially for release note documentation. Any idea how to set
that up?
Do you mean that all pull requests from the time github use started to
today be added to the 0.1.19 milestone? Or.?
Speaking about blockers (issues that definitely need to go into next
release)
would it be possible to set up an agreement that such fixes would receive
the
[BLOCKER] prefix together with the [PATCH] prefix?
Are you talking about adding a Blocker label to the pull request? Or when
you `git
Went ahead and added some milestones. Check them out here:
https://github.com/OpenSCAP/scap-security-guide/milestones
Also added a BLOCKER and bugfix label to the github labels.
On Wed, Sep 3, 2014 at 8:02 AM, Gabe Alford redhatri...@gmail.com wrote:
Speaking about blockers (issues
Hello,
Just checking on the latest master, this is appearing to fail
because the 'make templates' generates a file permission OVAL check for
grub that is not in the XCCDF. The offending xml file is
file_permissions_boot_grub_grub_conf.xml which if you `rm
Hello,
I have the following git pull requests below that need final review. I can
merge if ack'ed
- https://github.com/OpenSCAP/scap-security-guide/pull/38
- https://github.com/OpenSCAP/scap-security-guide/pull/33
- https://github.com/OpenSCAP/scap-security-guide/pull/30
Thanks,
Agree about the *The system is not compliant!* text. A lot of our
security people will freak out over it. Maybe either different types of
non-compliance messages are based off of a %, or better non-compliance
messages that are not so alarming.
Gabe
On Thu, Aug 28, 2014 at 12:29 PM, Andrew
Hello,
I have a git pull request waiting for review at
https://github.com/OpenSCAP/scap-security-guide/pull/22. If ack'ed, it
would need to be merged by project collaborators.
Thanks,
Gabe
Just checked the source, and the error is still there. It is still
appearing to fail over /dev/.udev
Here are some examples of patterns that generate errors:
/dev/.udev/links/disk\x2fby-uuid\actual_uuid/b8
/dev/.udev/db/tty:ttyS0
Thanks,
Gabe
On Thu, Aug 14, 2014 at 1:38 PM, Shawn Wells