[Open-scap] Video preview of the OSCAP Anaconda addon

Vratislav Podzimek vpodzime at redhat.com
Tue May 14 09:21:03 UTC 2013 

On Wed, 2013-04-24 at 14:30 +0200, Peter Vrabec wrote:
> hey Vrata,
> 
> your demo is cool. I'm glad to see progress in integration with an 
> installer. It's an important piece of a bigger "work flow" which is
> 
> anaconda -> oscap/scap-workbench -> spacewalk
> 
> Combination of these components enable users to:
> * create pre-configured image - system is hardened before the first 
> boot; no need to write complicated kickstarts!
> * perform local or remote scans of "live" systems
> * trigger remediation & customize content (tailoring)
> * monitor security compliance from enterprise system manages solution
> 
> 
> On 04/24/2013 10:27 AM, Vratislav Podzimek wrote:
> > Hello everybody,
> > I'm a member of the Anaconda installer team and as my master thesis I'm
> > developing an addon for the Anaconda that would allow SCAP content
> > evaluation during the installation process. To provide a preview of what
> > I've done so far I've recorded a video [1]. The quality is not that
> > great I'd like it to be, but I hope it would serve the purpose of
> > presenting the basic ideas and approach.
> >
> > [1] http://vimeo.com/64702496
> >
> > The work is far from being finished, but it already covers the most
> > important actions that need to take place. What is currently missing is
> > a profile selection in the GUI and support for more content types than
> > just datastreams. In the future, there will probably also be an addon
> > for the Initial Setup (new Firstboot) that will show the results from
> > the evaluation and remediation that is done after installation in the
> > chroot of the newly installed system.
> 
> I consider it useful to have a support in the Initial Setup. It will 
> basically run a scan and show report. That will prove that system is in 
> compliance and nothing is messed up.
> 
> >
> > Looking forward to see your comments and suggestions,
> >
> 
> Where are you planning to post a documentation?
My plan is to have the addon packaged as a standard Fedora package with
a Trac instance on fedorahosted.org. So I will probably put the
documentation in there and reference it from the OpenSCAP's site as the
other related projects (SCC, secstate, SCE community content, ...) do.

-- 
Vratislav Podzimek

Anaconda Rider | Red Hat, Inc. | Brno - Czech Republic

More information about the Open-scap-list mailing list