Hi Miguel,
The CentOS 7 content is created from the RHEL 7 content by a script
that replaces some values and removes some profiles.
If you want to add new CentOS 7 profile, you need to add this profile
to RHEL 7 first by creating a profile file in `/rhel7/profiles/`
directory.
Then, add the profile ID to list in `standard_profiles` variable in
ssg/constants.py on line 74.
You're correct that some profiles can't exist on CentOS because they
require vendor supported and/or certified system. If ENS doesn't
require that, then it should be OK to enable ENS profile on CentOS.
Regards
On Tue, Dec 10, 2019 at 11:34 AM Kuko Armas <kuko(a)canarytek.com> wrote:
Hello, I'm starting to take a look at the SSG content repo in github, and I tried to
create a new profile for rhel7 for the spanish ENS (National Security Scheme). But when I
build the content, I get the new profile only on the rhel7 main product and not on the
derivatives (centos7 and sl7)
I also noticed that in the derivatives data source there are only two profiles: standard
and pci-dss, none of the additional profiles are included. I guess it may be because in
some profiles you really need rhel7 and not a community release, because they are not
certified, but as I understand in my case (ENS) centos is included in the hardening
guides.
What do I need to do if I wan't to include it in the derivatives?
Salu2!
--
Miguel Armas
CanaryTek Consultoria y Sistemas SL
http://www.canarytek.com/
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fe...
--
Jan Černý
Security Technologies | Red Hat, Inc.