From: "Shawn Wells" <swells(a)redhat.com>
To: scap-security-guide(a)lists.fedorahosted.org
Sent: Friday, December 6, 2013 3:31:45 PM
Subject: Re: [PATCH] [Shared] Add initial shared OVAL check for 'Verify that Shared
Library Files Have Restrictive
Permissions' rule [was: [PATCH] [RFC] Creating shared bash script directory]
Ack - pls push
Thanks a lot.
Pushed as:
---
Shawn Wells
Director, Innovation Programs
shawn(a)redhat.com | 443.534.0130
@shawndwells
> On Dec 6, 2013, at 5:56 AM, Jan Lieskovsky <jlieskov(a)redhat.com> wrote:
>
> Hello folks,
>
> can I go ahead and push this patch upstream?
>
> Right now it doesn't touch RHEL-6 code at all (RHEL-6 can
> be attached later via symlinks to existing tests and providing
> attestations).
>
> But having this in upstream repo could simplify the approach
> to me (not to need to keep two separate local git streams),
> and focus on fixing further child bugs which might arise when
> trying to implement this (like the already mentioned "platform"
> XSLT transformation, checking for presence of attestation for
> that platform, the -devel option etc.)
>
> RHEL-6 can start joining this scheme later gradually moving
> selected rules they to be used / obtained from the shared directory
> (once confirmed for work on RHEL-6 too).
>
> And should this have shown as to be a non-viable way, we can
> always return back to the old (OVAL checks pre product) schema
> later just by moving the checks and removing the symlinks (whole
> /shared content).
>
> Would this be just Fedora specific change, would go ahead and push
> (and count with the responsibility that if some issue is found
> later, I will need to fix it).
>
> But since it introduces new main directory structure, would
> like to have your blessing first / prior doing that.
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Technologies Team
>
> ----- Original Message -----
>> From: "Jan Lieskovsky" <jlieskov(a)redhat.com>
>> To: scap-security-guide(a)lists.fedorahosted.org
>> Sent: Thursday, December 5, 2013 7:53:22 PM
>> Subject: [PATCH] [Shared] Add initial shared OVAL check for 'Verify that
>> Shared Library Files Have Restrictive
>> Permissions' rule [was: [PATCH] [RFC] Creating shared bash script
>> directory]
>>
>>
>> Based on thread:
>>
https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-Decembe...
>>
>> this patch adds first OVAL check into scap-security-guide/shared/oval
>> directory
>> and modifies main Makefile wrt to building Fedora packages it to include
>> OVAL
>> checks directly provided in input/checks directory, together with those
>> linked
>> from shared/ directory.
>>
>> For now didn't change the value of <platform> element (didn't
implement
>> the
>> XSLT transformation it to be modified automatically based on underlying
>> system
>> version content is build at) - will do this in next steps, once we have
>> agreed
>> on the expected form of test_attestation element.
>>
>> Passed basic sanity && regression testing on Fedora system.
>>
>> RHEL-6 content has been intentionally kept intact till the moment, we are
>> sure
>> about the final shared OVAL check form.
>>
>> Please review.
>>
>> Thank you && Regards, Jan.
>> --
>> Jan iankko Lieskovsky / Red Hat Security Technologies Team
>>
>> _______________________________________________
>> scap-security-guide mailing list
>> scap-security-guide(a)lists.fedorahosted.org
>>
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
>
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide