[Open-scap] Implementation for an AppArmor probe.

Jan Cerny jcerny at redhat.com
Fri Sep 15 08:26:28 UTC 2017


Hi,

The new patch looks great. I'll review and test. I'll let you know.

Thanks

Regards

Jan Černý
Security Technologies | Red Hat, Inc.

----- Original Message -----
> From: "Bruno Ducrot" <bruno at poupinou.org>
> To: "Jan Cerny" <jcerny at redhat.com>
> Cc: open-scap-list at redhat.com, "William Munyan" <William.Munyan at cisecurity.org>
> Sent: Monday, September 11, 2017 6:18:59 PM
> Subject: Re: [Open-scap] Implementation for an AppArmor probe.
> 
> Hi Jan,
> 
> On Mon, Sep 11, 2017 at 09:44:40AM -0400, Jan Cerny wrote:
> > Hi Bruno,
> > 
> > this is awesome.
> > 
> > However, as Bill pointed out, AppArmor support was added to the OVAL
> > standard in version 5.11.2.
> 
> Indeed.
> 
> > 
> > If you remove the schema changes of 5.11.0 it would be better.
> > We already have 5.11.2 schemas in the repository, so it should be enough
> > to change the version in your OVAL files.
> > I think we shouldn't add any custom extensions to the schemas in the
> > schemas/oval directory in the OpenSCAP repository. One of the use-cases of
> > oscap is to verify whether the content complies with the OVAL standard,
> > which would be broken with the patch :-)
> > 
> > Also, since the AppArmor probe is in the Linux namespace, I don't see a
> > need to create any new options in ./configure. The probes aren't Red Hat
> > specific. For example we have the DPKG info probe, which is used only on
> > Ubuntu and Debian, and we don't have a special option for that. It just
> > doesn't compile the probe binary on RHEL/Fedora. I think the AppArmor
> > probe is a similar case.
> 
> Ok.  But there are no real library dependencies, so it will be
> compiled on systems without AppArmor.
> 
> The next iteration can be found here:
> http://poupinou.org/SCAP/openscap-apparmor-20170911.diff
> 
> That one is against current git, instead of 1.2.15.  I'm planning to clone
> the openscap git, just in case I'll have to do more stuff.
> 
> There are still the unit tests to be written though.  I hope to do so
> this week, but I'm a bit busy atm.
> 
> > 
> > Overall, I think that there is a very high chance of including the probe
> > in upstream.
> > I'm looking forward to your contributions.
> 
> Thanks !
> 
> 
> --
> Bruno Ducrot
> 
> -- Which is worse: ignorance or apathy?
> -- Don't know.  Don't care.
> 
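As an added illustration of the point made in the thread (use the 5.11.2 schema version already shipped in schemas/oval rather than custom schema extensions), here is a constructed OVAL definitions file that exercises the AppArmor status test. This is not code from the thread, from Bruno's patch, or from the OpenSCAP project; the element names (apparmorstatus_test, apparmorstatus_object, apparmorstatus_state, enforce_mode_profiles_count) are taken from my reading of the OVAL 5.11.2 linux-definitions schema and are an assumption to be checked against that schema, and the ids and text are made up for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: checks that at least one AppArmor profile is loaded
     in enforce mode. Declares schema version 5.11.2 so that the standard
     linux-definitions schema (no custom extensions) covers the test. -->
<oval_definitions
    xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd
                        http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd">
  <generator>
    <oval:product_name>constructed example</oval:product_name>
    <oval:schema_version>5.11.2</oval:schema_version>
    <oval:timestamp>2017-09-15T00:00:00</oval:timestamp>
  </generator>

  <definitions>
    <definition id="oval:example.apparmor:def:1" version="1" class="compliance">
      <metadata>
        <title>At least one AppArmor profile is loaded in enforce mode</title>
        <description>Passes when the AppArmor status reports one or more
          profiles in enforce mode.</description>
      </metadata>
      <criteria>
        <criterion test_ref="oval:example.apparmor:tst:1"
                   comment="enforce-mode profile count is at least 1"/>
      </criteria>
    </definition>
  </definitions>

  <tests>
    <!-- Element names assumed from the OVAL 5.11.2 linux schema -->
    <linux:apparmorstatus_test id="oval:example.apparmor:tst:1" version="1"
                               check="all" comment="AppArmor enforce-mode profiles">
      <linux:object object_ref="oval:example.apparmor:obj:1"/>
      <linux:state state_ref="oval:example.apparmor:ste:1"/>
    </linux:apparmorstatus_test>
  </tests>

  <objects>
    <!-- The status object has no entities: there is a single AppArmor status per host -->
    <linux:apparmorstatus_object id="oval:example.apparmor:obj:1" version="1"/>
  </objects>

  <states>
    <linux:apparmorstatus_state id="oval:example.apparmor:ste:1" version="1">
      <linux:enforce_mode_profiles_count datatype="int"
          operation="greater than or equal">1</linux:enforce_mode_profiles_count>
    </linux:apparmorstatus_state>
  </states>
</oval_definitions>
```

Saved as apparmor-enforce.xml, the file can be checked against the stock schemas with `oscap oval validate --schematron apparmor-enforce.xml` (this is the "verify whether the content complies with OVAL" use-case mentioned above, which custom schema extensions would break) and evaluated with `oscap oval eval --results results.xml apparmor-enforce.xml` on a build that ships the AppArmor probe.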