[Open-scap] Implementation for an AppArmor probe.
Jan Cerny
jcerny at redhat.com
Fri Sep 15 08:26:28 UTC 2017
Hi,
The new patch looks great. I'll review and test. I'll let you know.
Thanks
Regards
Jan Černý
Security Technologies | Red Hat, Inc.
----- Original Message -----
> From: "Bruno Ducrot" <bruno at poupinou.org>
> To: "Jan Cerny" <jcerny at redhat.com>
> Cc: open-scap-list at redhat.com, "William Munyan" <William.Munyan at cisecurity.org>
> Sent: Monday, September 11, 2017 6:18:59 PM
> Subject: Re: [Open-scap] Implementation for an AppArmor probe.
>
> Hi Jan,
>
> On Mon, Sep 11, 2017 at 09:44:40AM -0400, Jan Cerny wrote:
> > Hi Bruno,
> >
> > this is awesome.
> >
> > However, as Bill pointed out, AppArmor support was added to OVAL standard
> > in version 5.11.2.
>
> Indeed.
>
> >
> > If you remove the schema changes of 5.11.0 it would be better.
> > We already have 5.11.2 schemas in the repository, so it should be enough
> > to change the version in your OVAL files.
> > I think we shouldn't add any custom extensions to the schemas in
> > schemas/oval
> > directory in OpenSCAP repository. One of the use-cases of oscap is to
> > verify whether the content complies with OVAL standard, which would be
> > broken with the patch :-)
> >
> > Also, since AppArmor probe is in Linux namespace, I don't see a need to
> > create any new options in ./configure. The probes aren't Red Hat specific.
> > For example we have DPKG info probe, which is used only on Ubuntu and
> > Debian,
> > and we don't have a special option for that. It just doesn't compile the
> > probe
> > binary on RHEL/Fedora. I think AppArmor probe is a similar case.
>
> Ok. But there is no real library dependancies, so it will be
> compiled under systems without AppArmor.
>
> The next iteration can be found here :
> http://poupinou.org/SCAP/openscap-apparmor-20170911.diff
>
> That one is against current git, instead of 1.2.15. I'm planing to clone the
> openscap
> git, just in case I'll have to do more stuff.
>
> There is still the unit tests to be written though. I hope doing so
> this week, but I'm a bit busy atm.
>
> >
> > Overall, I think that there is a very high chance to include the probe to
> > upstream.
> > I'm looking forward to your contributions.
>
> Thanks !
>
>
> --
> Bruno Ducrot
>
> -- Which is worse: ignorance or apathy?
> -- Don't know. Don't care.
>
More information about the Open-scap-list
mailing list