----- Original Message -----
From: "Shawn Wells" swells@redhat.com To: scap-security-guide@lists.fedorahosted.org Sent: Friday, December 6, 2013 3:31:45 PM Subject: Re: [PATCH] [Shared] Add initial shared OVAL check for 'Verify that Shared Library Files Have Restrictive Permissions' rule [was: [PATCH] [RFC] Creating shared bash script directory]
Ack - pls push
Thanks a lot.
Pushed as: https://git.fedorahosted.org/cgit/scap-security-guide.git/commit/?id=b8bcb23...
Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
On Dec 6, 2013, at 5:56 AM, Jan Lieskovsky jlieskov@redhat.com wrote:
Hello folks,
can I go ahead and push this patch upstream?
Right now it doesn't touch RHEL-6 code at all (RHEL-6 can be attached later via symlinks to existing tests and providing attestations).
But having this in upstream repo could simplify the approach to me (not to need to keep two separate local git streams), and focus on fixing further child bugs which might arise when trying to implement this (like the already mentioned "platform" XSLT transformation, checking for presence of attestation for that platform, the -devel option etc.)
RHEL-6 can start joining this scheme later gradually moving selected rules they to be used / obtained from the shared directory (once confirmed for work on RHEL-6 too).
And should this have shown as to be a non-viable way, we can always return back to the old (OVAL checks pre product) schema later just by moving the checks and removing the symlinks (whole /shared content).
Would this be just Fedora specific change, would go ahead and push (and count with the responsibility that if some issue is found later, I will need to fix it).
But since it introduces new main directory structure, would like to have your blessing first / prior doing that.
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Technologies Team
----- Original Message -----
From: "Jan Lieskovsky" jlieskov@redhat.com To: scap-security-guide@lists.fedorahosted.org Sent: Thursday, December 5, 2013 7:53:22 PM Subject: [PATCH] [Shared] Add initial shared OVAL check for 'Verify that Shared Library Files Have Restrictive Permissions' rule [was: [PATCH] [RFC] Creating shared bash script directory]
Based on thread: https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-December/t...
this patch adds first OVAL check into scap-security-guide/shared/oval directory and modifies main Makefile wrt to building Fedora packages it to include OVAL checks directly provided in input/checks directory, together with those linked from shared/ directory.
For now didn't change the value of <platform> element (didn't implement the XSLT transformation it to be modified automatically based on underlying system version content is build at) - will do this in next steps, once we have agreed on the expected form of test_attestation element.
Passed basic sanity && regression testing on Fedora system.
RHEL-6 content has been intentionally kept intact till the moment, we are sure about the final shared OVAL check form.
Please review.
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Technologies Team
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide