Jan,
Thanks for the detailed response. Very helpful!
Greg
On Thu, May 7, 2015 at 2:17 PM, Jan Lieskovsky jlieskov@redhat.com wrote:
Hello Greg,
----- Original Message -----
From: "Greg Elin" gregelin@gitmachines.com To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org Sent: Thursday, May 7, 2015 7:24:07 PM Subject: Re: Porting RHEL6 XCDDF Profiles to RHEL7
Gabe,
Thanks. That is helpful.
So it comes down to Knowledge of -- and testing by -- developer that
RHEL6
test applies to RHEL7?
See my previous reply. But basically IMHO to be able to specify the scope of the work that needs to be done, we first need to separate RHEL-6 rules working without change (or small change) on RHEL-7 too from those, which either aren't implemented for RHEL-7 yet or would require substantial change just because the underlying system component changed substantially across the two products (so yes, this stage includes a lot of testing on RHEL-7 product).
Once this stage is finished (we have profiles ported with not working rules commented out), we can proceed to the second stage - actual implementation of the missing rules they to work properly on RHEL-7 too (of course the motivation when commenting the rules isn't they not to be available for scanning on RHEL-7, just to indicate they aren't working properly right now, and are to be included later once those issues are fixed).
Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Technologies Team
Greg Elin P: 917-304-3488 E: gregelin@gitmachines.com
Sent from my iPhone
On May 7, 2015, at 1:02 PM, Gabe Alford < redhatrises@gmail.com > wrote:
Greg,
I don't think that it should be too much of a problem migrating the
profiles.
See https://github.com/OpenSCAP/scap-security-guide/pull/550 for an
example.
Gabe
On Thu, May 7, 2015 at 10:42 AM, Greg Elin < gregelin@gitmachines.com > wrote:
Fend and I are looking at moving a client from AWS Linux to RHEL7.
We are trying to figure how we can help migrate the existing RHEL6 XCCDF profiles to RHEL7?
A number of the baseline profiles available in RHEL6 package (e.g. USGCB
and
RHEL6-Server are not currently available in either the RHEL7 SSG package
or
the RHEL7 SSG built from source.
I've skimmed the issues and the wiki pages and did not seen anything
exactly
on topic for the profiles.
- Can these RHEL6 profiles easily be ported to RHEL7, or is it a big
tasks
b/c of significant changes between 6 and 7?
- I'm treating the RHEL7 STIG as a separate baseline project from these
other
pre-existing RHEL6 baselines (with some overlap, of course). Is that
right
way or wrong way to think about it?
- Does it make sense to put together a how to and/or coordination page to
discuss the availability and porting of profiles? Fen and I would like to help, but want tackle the problem efficiently.
- Is there an overall timeline or plan for managing the XCCDF profiles?
Thanks.
Greg
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/