[Open-scap] OpenSCAP support to Solaris and FreeBSD
Šimon Lukašík
slukasik at redhat.com
Thu Jul 20 10:22:09 UTC 2017
On 07/20/2017 10:22 AM, Jan Cerny wrote:
> Hi,
>
> 1) FreeBSD - They use a specific format, called VuXML.
> We don't have support for that now. That would require to
> implement parsing, evaluating and reporting in VuXML format
> and also a probe to scan FreeBSD Ports. That wouldn't be a small task.
>
> 2) Solaris - I'm afraid that link you provided doesn't contain data
> for Solaris, but it's for Oracle Linux, which is a RHEL derivative.
> I don't know if they provide same thing for Solaris. If the Solaris
> data exist, and they're in OVAL format as well, we would need
> to implement a probe for Solaris packaging system. We don't
> have any Solaris probes now.
>
Solaris used to ship with OpenSCAP natively. Not sure today. I didn't
get hands on solaris for years now.
The patches for solaris were unfortunately never contributed back to
upstream [1]. Last time I checked some of the patches were available at
https://java.net/projects/solaris-userland/sources/gate/show/components/openscap
However, that's now gone. The only hope for you is to ask your Solaris
vendor for OpenSCAP support.
Best,
~š.
[1] IIRC these patches were written in a way so they removed linux
support and added solaris. That wouldn't be acceptable for upstream anyway.
> I don't expect we in Red Hat will work on support for FreeBSD or Solaris.
> But we are willing to help people that want to contribute.
>
> Regards
>
> Jan Černý
> Security Technologies | Red Hat, Inc.
>
> ----- Original Message -----
>> From: "Jordan Caraballo" <jordancaraballo87 at gmail.com>
>> To: shawn at redhat.com
>> Cc: open-scap-list at redhat.com
>> Sent: Wednesday, July 19, 2017 7:39:48 PM
>> Subject: Re: [Open-scap] OpenSCAP support to Solaris and FreeBSD
>>
>>
>>
>> Hi Shawn,
>>
>> Thanks for your reply! I will start digging into them to see if I can start
>> developing some patches.
>>
>> I apologize if these are naive questions:
>>
>> - CIS has some pdf benchmark files for FreeBSD. Is this a good start for
>> recreating the rules to assess the system?
>>
>>
>> - On the other hand, there are vulnerabilities files available for FreeBSD
>> https://svn.freebsd.org/ports/head/security/vuxml/vuln.xml and Solaris
>> http://linux.oracle.com/security/oval/com.oracle.elsa-all.xml.bz2 . What we
>> would need is openscap and openscap-utils working on both OS's?
>>
>>
>> - Jordan
>> On 7/19/17 1:25 PM, Shawn Wells wrote:
>>
>>
>>
>> On 7/19/17 12:41 PM, Jordan Caraballo wrote:
>>
>>
>>
>> Hi guys,
>>
>> Are there any future or ongoing plans to support Solaris and FreeBSD
>> operating systems?
>>
>> Both to run OpenSCAP and to have compliance files from the
>> SCAP-Security-Guide.
>> There were 1-2 people from Oracle interested in porting OpenSCAP to
>> Solaris. Not sure what happened to that interest. Nobody has mentioned
>> FreeBSD before (that I know about).
>>
>> On the SSG side, there's no specific effort. Patches welcome if you'd be
>> interested in this.
>>
~š.
More information about the Open-scap-list
mailing list