[Open-scap] OpenSCAP support to Solaris and FreeBSD

Jan Cerny jcerny at redhat.com
Thu Jul 20 08:22:35 UTC 2017 

Hi,

1) FreeBSD - They use a specific format, called VuXML.
We don't have support for that now. That would require to
implement parsing, evaluating and reporting in VuXML format
and also a probe to scan FreeBSD Ports. That wouldn't be a small task.

2) Solaris - I'm afraid that link you provided doesn't contain data
for Solaris, but it's for Oracle Linux, which is a RHEL derivative.
I don't know if they provide same thing for Solaris. If the Solaris
data exist, and they're in OVAL format as well, we would need
to implement a probe for Solaris packaging system. We don't
have any Solaris probes now.

I don't expect we in Red Hat will work on support for FreeBSD or Solaris.
But we are willing to help people that want to contribute.

Regards

Jan Černý
Security Technologies | Red Hat, Inc.

----- Original Message -----
> From: "Jordan Caraballo" <jordancaraballo87 at gmail.com>
> To: shawn at redhat.com
> Cc: open-scap-list at redhat.com
> Sent: Wednesday, July 19, 2017 7:39:48 PM
> Subject: Re: [Open-scap] OpenSCAP support to Solaris and FreeBSD
> 
> 
> 
> Hi Shawn,
> 
> Thanks for your reply! I will start digging into them to see if I can start
> developing some patches.
> 
> I apologize if these are naive questions:
> 
> - CIS has some pdf benchmark files for FreeBSD. Is this a good start for
> recreating the rules to assess the system?
> 
> 
> - On the other hand, there are vulnerabilities files available for FreeBSD
> https://svn.freebsd.org/ports/head/security/vuxml/vuln.xml and Solaris
> http://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2 . What we
> would need is openscap and openscap-utils working on both OS's?
> 
> 
> - Jordan
> On 7/19/17 1:25 PM, Shawn Wells wrote:
> 
> 
> 
> On 7/19/17 12:41 PM, Jordan Caraballo wrote:
> 
> 
> 
> Hi guys,
> 
> Are there any future or ongoing plans to support Solaris and FreeBSD
> operating systems?
> 
> Both to run OpenSCAP and to have compliance files from the
> SCAP-Security-Guide.
> There were 1-2 people from Oracle interested in porting OpenSCAP to
> Solaris. Not sure what happened to that interest. Nobody has mentioned
> FreeBSD before (that I know about).
> 
> On the SSG side, there's no specific effort. Patches welcome if you'd be
> interested in this.
> 
> _______________________________________________
> Open-scap-list mailing list Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
> 
> 
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list

More information about the Open-scap-list mailing list