Hello,
I am currently in the mist of securing some of my systems with the BIND and HTTP STIGs, and
Sorry user keyboard error.
I am currently in the mist of securing some of my systems with the BIND and HTTP STIGs, and was wanting to add them back into the scap-security-guide content when I am done. My question is should there be a separate content tree like what we have for RHEL/6, RHEL/7, etc. but for BIND and HTTP, or should the XCCDF be added to RHEL/6/input/services/dns.xml and RHEL/6/input/services/http.xml?
Thanks,
Gabe
On Fri, Mar 20, 2015 at 6:57 AM, Gabe Alford redhatrises@gmail.com wrote:
Hello,
I am currently in the mist of securing some of my systems with theBIND and HTTP STIGs, and
Depends on how agnostic the content is.
E.g the webmin is also meant to work on Gentoo/Ubuntu in addition to RHEL, so made sense for its own tree.
-- Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
On Mar 20, 2015, at 9:01 AM, Gabe Alford redhatrises@gmail.com wrote:
Sorry user keyboard error.
I am currently in the mist of securing some of my systems with the BIND and HTTP STIGs, and was wanting to add them back into the scap-security-guide content when I am done. My question is should there be a separate content tree like what we have for RHEL/6, RHEL/7, etc. but for BIND and HTTP, or should the XCCDF be added to RHEL/6/input/services/dns.xml and RHEL/6/input/services/http.xml?
Thanks,
Gabe
On Fri, Mar 20, 2015 at 6:57 AM, Gabe Alford redhatrises@gmail.com wrote: Hello,
I am currently in the mist of securing some of my systems with the BIND and HTTP STIGs, and-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
Depends on how agnostic the content is.
It would just be primarily for the RHEL/Fedora products and derivatives i.e CentOS, etc.
Gabe
On Fri, Mar 20, 2015 at 7:07 AM, Shawn Wells shawn@redhat.com wrote:
Depends on how agnostic the content is.
E.g the webmin is also meant to work on Gentoo/Ubuntu in addition to RHEL, so made sense for its own tree.
-- Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
On Mar 20, 2015, at 9:01 AM, Gabe Alford redhatrises@gmail.com wrote:
Sorry user keyboard error.
I am currently in the mist of securing some of my systems with the BIND and HTTP STIGs, and was wanting to add them back into the scap-security-guide content when I am done. My question is should there be a separate content tree like what we have for RHEL/6, RHEL/7, etc. but for BIND and HTTP, or should the XCCDF be added to RHEL/6/input/services/dns.xml and RHEL/6/input/services/http.xml?
Thanks,
Gabe
On Fri, Mar 20, 2015 at 6:57 AM, Gabe Alford redhatrises@gmail.com wrote:
Hello,
I am currently in the mist of securing some of my systems withthe BIND and HTTP STIGs, and
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
+1 Gabe! It would be great to see open source XCCDF in SSG for software above the OS.
Greg Elin
On Fri, Mar 20, 2015 at 10:56 AM, Shawn Wells shawn@redhat.com wrote:
On 3/20/15 9:23 AM, Gabe Alford wrote:
Depends on how agnostic the content is.
It would just be primarily for the RHEL/Fedora products and derivatives i.e CentOS, etc.
Makes sense to drop into existing directories. Definitely looking forward to the patches!
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
On Fri, Mar 20, 2015 at 10:56 AM, Shawn Wells shawn@redhat.com wrote:
On 3/20/15 9:23 AM, Gabe Alford wrote:
Depends on how agnostic the content is.
It would just be primarily for the RHEL/Fedora products and derivatives i.e CentOS, etc.
Makes sense to drop into existing directories. Definitely looking forward to the patches!
So.... I keep going over this back and forth in my head, as the BIND and HTTP would follow the Application and Web Server SRGs and not the OS SRG, does it make sense to put the STIGs in the OS derivative directories, i.e. RHEL/6,or somewhere else like maybe RHEL/apps and RHEL/webservers? Of course if a person is using RHEL, it would be reasonable to assume that that individual is using the HTTP and BIND versions officially supported with the OS version, so maybe it does make sense to go under RHEL/6 for example?
Gabe
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
scap-security-guide@lists.fedorahosted.org
-
Gabe Alford -
Greg Elin -
Shawn Wells