F21 Self Contained Change: Security Policy In The Installer

Jan Lieskovsky jlieskov at redhat.com
Fri Mar 14 12:36:16 UTC 2014 

> ----- Original Message -----
> > 
> > 
> > Existing NIST and Red Hat documentation on OpenSCAP says that it's for
> > enterprise-level Linux infrastructure. Is any Fedora 21 product targeted
> > mainly for enterprise deployment? Is OpenSCAP being retargeted for general
> > purpose level infrastructure. If so, will (or should) at least a
> > significant
> > minority, say 33%, of GUI installer using end-users make use of this
> > feature?
> 
> I'd say this is a nice feature for Server product, of course, does not make
> much sense to be shown by default in Workstation product installer.
> 
> One more thing - there's System Wide Crypto policy Change proposed, would
> it make sense to be covered by this spoke too?

Depends what you mean under "to be covered by this spoke too" - once the Nikos'
CryptoPolicy proposal is implemented we can definitely add a SSG content rule,
that when selected would return failure as result of the scan on system not
meeting the requirement LEVEL-* requirement.

But if under "covered by this spoke too" you meant there should be another 
explicit field for CRYPTO POLICY in the proposed SECURITY section (allowing
the user to select from proposed levels like LEVEL-128, LEVEL-256 etc),
I am not sure it is necessary (since as noted above the desired level can
be enforced by policy rule specification / implementation).

Can you clarify?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

> Or are there any other
> security
> related bits for Anaconda?
> 
> Jaroslav
> 
> > What does setting a security profile in Anaconda achieve that can't be
> > done,
> > or done as effectively, post-install?
> > 
> > 
> > Chris Murphy
> > --
> > devel mailing list
> > devel at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/devel
> > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

More information about the devel mailing list