On 03/16/2012 04:27 PM, Jeffrey Blank wrote:
Wow, that's a great list. However, I am (slightly) worried about
high
speed copy-paste from the RHEL 5 SNAC guide into the project.
A few quick notes:
1)
If a section seems to have been completed previously (by me) but
something is oddly missing, ask. There may be reasons some things
were not moved.
2)
If there is a section in the SNAC guide that is instructive but which
cannot possibly have an OVAL check (such as for BIOS settings), just
put the information into an XCCDF Group. Later, we can create OCIL
content to handle things that will absolutely require manual
inspection (or relate to policy/procedures).
There is a down side to this in that
we can't attach ident/ref's to
groups. We could always just list the controls in the description for
these but it seems very kludgy. Putting rules in for these and making
do with the unknown in the results would probably serve us better in the
long run. Any and all unknown results should be reviewed manually anyway.
Similarly, if a section has discussed doing something that is
necessary/relevant but on its own is really a configuration action
(and not a security setting), such as installing some network service,
this should be in an XCCDF Group and not a Rule. Rules are only for
compliance checking. For example, I don't think we need to verify
that httpd is installed, even if a system is being evaluated against a
web server profile (and please let's save the "value of checking for
packaged vs unpackaged software" discussion for another time).
3)
In general, please try to perform a positive and negative test for
each item. I'd really appreciate one round of QA prior to a commit/push.
4)
Feel free to reorganize if you can improve on the original logical
structure (but ask the list if it's significant).
And of course, everything's negotiable. But these were some of my
personal guidelines when committing content earlier, and I think they
will serve us well.
Jeff
On 03/15/2012 10:01 AM, Kevin Spargur wrote:
> Hey all,
>
> I've done a quick review of the SSG as far as were we stand in
> comparison milestone 1 objectives. We are missing roughly 195/634 or
> about 31% of the line items needed to meet milestone 1. The exact line
> items missing are specified in the attached. I've opened tickets for
> each piece up on the SSG site
> (
https://fedorahosted.org/scap-security-guide/report/2). If your working
> on a section it would be great if you took the ticket so we can try and
> avoid duplication of effort where possible.
>
> Thanks,
>
> Kevin Spargur
>
>
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide(a)lists.fedorahosted.org
>
https://fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/scap-security-guide