Notification time stamped 2020-05-27 23:23:08 UTC
=================================================
#ansible-lockdown: Ansible Lockdown Working Group
=================================================
Meeting started by cyberpear at 22:13:10 UTC. The full logs are
available at
https://meetbot.fedoraproject.org/ansible-lockdown/2020-05-27/ansible_loc...
.
Meeting summary
---------------
* Draft RHEL 8 STIG Review (cyberpear, 22:13:18)
* Draft RHEL 8 STIG Review (CAT 1) (cyberpear, 22:14:20)
* DISA should split 020330 into 2 rules (cyberpear, 22:28:45)
* DISA should drop 040060, since "The OpenSSH SSH daemon supports SSH
protocol 2 only." (man 8 sshd) (cyberpear, 22:36:54)
* Draft RHEL 8 STIG Review (CAT 2) (cyberpear, 22:43:31)
* DISA might consider crypto-policies for 010080 but only if Red Hat
fixes them to actually work (cyberpear, 22:46:15)
* DISA should split 010380 '"NOPASSWD" or "!authenticate"'
as with
RHEL 7; NOPASSWD is required w/ MFA (cyberpear, 23:02:20)
* DISA should fix 010390, esc is not required (as w/ latest RHEL 7
STIG changes) (cyberpear, 23:03:52)
* RH or DISA should handle offline PKI logins without no_ocsp option
(cyberpear, 23:05:33)
* DISA should allow 0640 mode on SSH host keys like RHEL 7 010490
(cyberpear, 23:08:32)
* investigate reversal of kdump requirement (cyberpear, 23:15:28)
* will pick up next time at 020000 (cyberpear, 23:23:05)
Meeting ended at 23:23:07 UTC.
Action Items
------------
Action Items, by person
-----------------------
* **UNASSIGNED**
* (none)
People Present (lines said)
---------------------------
* cyberpear (42)
* zodbot (5)
Generated by `MeetBot`_ 0.1.4
.. _`MeetBot`:
http://wiki.debian.org/MeetBot
https://meetbot.fedoraproject.org/ansible-lockdown/2020-05-27/ansible_loc...
--
You received this message due to your preference settings at
https://apps.fedoraproject.org/notifications/fmnmeetingminutes.id.fedorap...