----- Original Message -----
From: "Trevor Vaughan" <tvaughan(a)onyxpoint.com>
To: "SCAP Security Guide" <scap-security-guide(a)lists.fedorahosted.org>
Sent: Monday, October 31, 2016 4:42:51 PM
Subject: Integration Etiquette
Hi All,
After much delaying, we're hoping to start integrating our SIMP-specific
methods for meeting the various policy requirements directly into the SSG.
Unfortunately, this is proving to be a bit hairy and I'd like to know
what you would prefer.
## Option 1: Fork the Entire RHEL base into SIMP/{6,7} etc...
- We're not another OS, we're a specific (flexible) configuration set for
RHEL and/or CentOS
- I'd really like to avoid this
## Option 2: Muck about directly in the RHEL space
- This is my preference and I can 100% start with a set of profiles that
mirror the existing profiles. I guess this would be prefaced with 'simp'.
So, simp-C2S.xml, simp-pci-dss.xml, etc...
- We will also need to add alternate OVAL checks that are specific to SIMP.
For instance, per policy, our auditd file is optimized; this means that
none of the included checks will pass and we need alternate checks.
And no, in general, there is no way to determine if you're on a SIMP system
unless it's the Puppet Server. It's just RHEL.
Could you please send an example of the differences between simp-pci-dss and
pci-dss profiles.
--
Martin Preisler
Identity Management and Platform Security | Red Hat, Inc.