Hi Miguel,
The CentOS 7 content is created from the RHEL 7 content by a script that replaces some values and removes some profiles.
If you want to add new CentOS 7 profile, you need to add this profile to RHEL 7 first by creating a profile file in `/rhel7/profiles/` directory. Then, add the profile ID to list in `standard_profiles` variable in ssg/constants.py on line 74.
You're correct that some profiles can't exist on CentOS because they require vendor supported and/or certified system. If ENS doesn't require that, then it should be OK to enable ENS profile on CentOS.
Regards
On Tue, Dec 10, 2019 at 11:34 AM Kuko Armas kuko@canarytek.com wrote:
Hello, I'm starting to take a look at the SSG content repo in github, and I tried to create a new profile for rhel7 for the spanish ENS (National Security Scheme). But when I build the content, I get the new profile only on the rhel7 main product and not on the derivatives (centos7 and sl7)
I also noticed that in the derivatives data source there are only two profiles: standard and pci-dss, none of the additional profiles are included. I guess it may be because in some profiles you really need rhel7 and not a community release, because they are not certified, but as I understand in my case (ENS) centos is included in the hardening guides.
What do I need to do if I wan't to include it in the derivatives?
Salu2!
Miguel Armas CanaryTek Consultoria y Sistemas SL http://www.canarytek.com/
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedor...