Thanks for the info and background! Some of us are going to be at the NIST IT Security Automation Conference this week in case you're planning to attend.
We're hoping for sooner than "months" for a QA'ed release candidate. Much of the development has gone a lot slower than expected, due to the overhead/formatting requirements of SCAP. That said, figuring out hot to do this the open-source way should hopefully be a one-time cost (and future releases would happen much faster).
On 10/01/2012 11:52 AM, Andrew Gilmore wrote:
Date: Sun, 30 Sep 2012 14:50:15 -0400 From: Shawn Wells <shawn@redhat.com <mailto:shawn@redhat.com>> To: scap-security-guide@lists.fedorahosted.org <mailto:scap-security-guide@lists.fedorahosted.org> Subject: Re: [PATCH] Fixed typo in example iptables network/netmask pair for limiting ssh port to trusted networks. Message-ID: <50689467.5000400@redhat.com <mailto:50689467.5000400@redhat.com>> Content-Type: text/plain; charset=UTF-8; format=flowed On 9/28/12 1:21 PM, Andrew Gilmore wrote: > -<pre>-A RH-Firewall-1-INPUT -s netwk /mask -m state --state NEW -p tcp --dport 22 -j ACCEPT</pre> > +<pre>-A RH-Firewall-1-INPUT -s netwk/mask -m state --state NEW -p tcp --dport 22 -j ACCEPT</pre> Thanks for the catch! Ack Please push (or indicate you need someone to do so for you).
I don't have write access, this patch was mostly a drive by.
Please push.
My agency is attempting to STIG a CentOS 6 image themselves, and I both don't have time to wait, and thought someone else was probably doing it. I'm glad you all are, but seems like you're months out as well from production release. I know, I know, it is done when it is done. :)
I should probably introduce myself, as well. I work for a Dept. of Interior agency on databases and hydrology, but sometimes dabble here and there. :) I have contributed to the CIS benchmarks for RHEL 5 and 6, and have all of two lines of code in the linux kernel. :)
Thanks,
Andrew
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide