[Open-scap] CNSSI-1253 Profile being developed for RHEL7 Workstation?
Jan Lieskovsky
jlieskov at redhat.com
Thu Feb 11 10:46:08 UTC 2016
Hello Mike,
thank you for reaching out.
----- Original Message -----
> From: "Mike Kuhnkey" <mkuhnkey at gmail.com>
> To: open-scap-list at redhat.com
> Sent: Thursday, February 11, 2016 10:59:00 AM
> Subject: [Open-scap] CNSSI-1253 Profile being developed for RHEL7 Workstation?
>
> Noticed the CNSSI-1253 profile is available for RHEL6. Is it possible to
> carry the profile forward to RHEL7?
The CNSS No.1253 profile from RHEL-6 has not been ported to RHEL-7
system in SSG upstream yet. The corresponding upstream ticket is:
[1] https://github.com/OpenSCAP/scap-security-guide/issues/858
So I would recommend to watch progress done there.
> I’m working through the scap-workbench build process…looking for
> insights/direction on what’s involved with such an effort?
SCAP Workbench itself can't help with porting existing RHEL-6 profile
to RHEL-7 security checklist. The code for that profile first needs
to be merged upstream [1].
> I’m on rocky ground when it comes to “catalog” versus “Profile” in this
> environment, so any insights on this are also relevant.
Refer e.g. to:
[2] https://github.com/OpenSCAP/scap-security-guide/pull/550
for an example what it means to port specific profile from one RHEL product
to another.
> What I’m particularly interested in is modifications of CNSSI-1253
> low/low/low to increased levels/controls.
Also interested in modifications of existing RHEL-6 CNSS No.1253 profile
against different overlays? Or is this question just RHEL-7 specific?
(IOW aforementioned answer(s) hold).
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
More information about the Open-scap-list
mailing list