Hi All,
After much delaying, we're hoping to start integrating our SIMP-specific
methods for meeting the various policy requirements directly into the SSG.
Unfortunately, this is providing to be a bit hairy and I'd like to know
what you would prefer.
## Option 1: Fork the Entire RHEL base into SIMP/{6,7} etc...
- We're not another OS, we're a specific (flexible) configuration set for
RHEL and/or CentOS
- I'd really like to avoid this
## Option 2: Muck about directly in the RHEL space
- This is my preference and I can 100% start with a set of profiles that
mirror the existing profiles. I guess this would be prefaced with 'simp'.
So, simp-C2S.xml, simp-pci-dss.xml, etc...
- We will also need to add alternate OVAL checks that are specific to SIMP.
For instance, per policy, our auditd file is optimized, this means that
none of the included checks will pass and we need alternate checks.
And no, in general, there is no way to determine if you're on a SIMP system
unless it's the Puppet Server. It's just RHEL.
Advice appreciated.
Thanks,
Trevor
--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --