The VA has adopted the DISA STIG and CentOS has been approved for development servers. I think there are enclave requirements, nevertheless, it can be used.
Mike
Date: Thu, 22 May 2014 17:06:32 -0400 From: Shawn Wells shawn@redhat.com To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Subject: Re: Scap for Centos Message-ID: 537E66D8.9040604@redhat.com Content-Type: text/plain; charset=UTF-8; format=flowed
On 5/22/14, 3:43 PM, Derek Warner wrote:
Any chance anyone is working on getting SCAP to work on CENTOS? I would love to use the scap security guide and secstate to validate CENTOS 6.5. Right now its a manual process going line by line in the RHEL 5 STIG. I would really love to find out if anyone has anything automated that works on CENTOS.
Given that CentOS isn't allowed on DoD networks, there is no STIG, no common criteria, no support, and doesn't meet any of the mandatory regulatory requirements, what's driving the need?
I don't get it. Reading this line from the FAQ "No, CentOS releases will follow shortly after the release of Red Hat Enterprise Linux source. " leads me to believe that CentOS will be largely usable as it has been, as a free, completely compatible version of RHEL. Yes, with challenges in errata availability, but that's the use case.
Suggesting that CentOS is going to be *upstream* of RHEL suggests several other valuable, but completely different, uses. I'm not sure this is a great move, as I see bigger challenges coming from the free and polished desktop side (*cough* Ubuntu).
RHEL 7 should be very interesting.
On Thu, May 22, 2014 at 4:05 PM, Mike Johnson mikerjohnson@gmail.comwrote:
The VA has adopted the DISA STIG and CentOS has been approved for development servers. I think there are enclave requirements, nevertheless, it can be used.
Mike
Date: Thu, 22 May 2014 17:06:32 -0400 From: Shawn Wells shawn@redhat.com To: SCAP Security Guide scap-security-guide@lists.fedorahosted.org Subject: Re: Scap for Centos Message-ID: 537E66D8.9040604@redhat.com Content-Type: text/plain; charset=UTF-8; format=flowed
On 5/22/14, 3:43 PM, Derek Warner wrote:
Any chance anyone is working on getting SCAP to work on CENTOS? I would love to use the scap security guide and secstate to validate CENTOS 6.5. Right now its a manual process going line by line in the RHEL 5 STIG. I would really love to find out if anyone has anything automated that works on CENTOS.
Given that CentOS isn't allowed on DoD networks, there is no STIG, no common criteria, no support, and doesn't meet any of the mandatory regulatory requirements, what's driving the need?
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
On 5/22/14, 6:14 PM, Andrew Gilmore wrote:
I don't get it. Reading this line from the FAQ "No, CentOS releases will follow shortly after the release of Red Hat Enterprise Linux source. " leads me to believe that CentOS will be largely usable as it has been, as a free, completely compatible version of RHEL. Yes, with challenges in errata availability, but that's the use case.
Suggesting that CentOS is going to be *upstream* of RHEL suggests several other valuable, but completely different, uses. I'm not sure this is a great move, as I see bigger challenges coming from the free and polished desktop side (*cough* Ubuntu).
https://community.redhat.com/centos-faq/#_centos_and_variants
The underlying perception is that historically RHEL6 == CentOS6. In the future, as CentOS develops into it's own community, the two will diverge measurably (which is a good thing for the community, IMO!). This allows Fedora to track closer to upstream, CentOS to serve special development platform needs, RHEL to serve enterprise. We may encounter a situation akin to Fedora 30, CentOS 10, RHEL 7... all on different release cycles, all with different spins and purposes.
RHEL 7 should be very interesting.
Download & play with the release candidate! https://access.redhat.com/site/products/Red_Hat_Enterprise_Linux/Get-Beta
I'd wager you're getting at the evolution of the community, though. And you're right. It'll be interesting.
I expect a large portion of the current (non-paying!) CentOS community will feel hijacked.
This is going rapidly off-topic, so skip this one if you desire!
I've installed both the RHEL 7 beta and RC1. I've liked what I've seen so far, I just hope the churn in the program availability on the desktop is kept up with to the point that I can use current multi-media tools. I'm not hopeful.
Here's my current use of Linux: I admin two RHEL servers for work. I run Fedora 20 in a laptop VM and at home on the desktop, as well as a CentOS 6 server. I attempted to run a couple of CentOS 6 desktops at home, but failed miserably with multimedia and video-editing tools.
Since my recent bad experiences with Fedora 20, and hearing that Fedora is for working on, not to actually work, I'm reconsidering what to run on the desktop.
I almost installed Ubuntu the other day, because of their reputation to be more stable than Fedora and more up-to-date than RHEL. I'd rather not, but I may have to go there. Guess what I would then be recommending for the next OS refresh at work?
I've been using Redhat since 5.2 (that's 1998). It's a bit depressing.
On Thu, May 22, 2014 at 4:24 PM, Shawn Wells shawn@redhat.com wrote:
On 5/22/14, 6:14 PM, Andrew Gilmore wrote:
I don't get it. Reading this line from the FAQ "No, CentOS releases will follow shortly after the release of Red Hat Enterprise Linux source. " leads me to believe that CentOS will be largely usable as it has been, as a free, completely compatible version of RHEL. Yes, with challenges in errata availability, but that's the use case.
Suggesting that CentOS is going to be *upstream* of RHEL suggests several other valuable, but completely different, uses. I'm not sure this is a great move, as I see bigger challenges coming from the free and polished desktop side (*cough* Ubuntu).
https://community.redhat.com/centos-faq/#_centos_and_variants
The underlying perception is that historically RHEL6 == CentOS6. In the future, as CentOS develops into it's own community, the two will diverge measurably (which is a good thing for the community, IMO!). This allows Fedora to track closer to upstream, CentOS to serve special development platform needs, RHEL to serve enterprise. We may encounter a situation akin to Fedora 30, CentOS 10, RHEL 7... all on different release cycles, all with different spins and purposes.
RHEL 7 should be very interesting.
Download & play with the release candidate! https://access.redhat.com/site/products/Red_Hat_Enterprise_Linux/Get-Beta
I'd wager you're getting at the evolution of the community, though. And you're right. It'll be interesting.
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
I'll take your hijack challenge!
I've had no issues with Fedora 20 on the desktop and I'm hoping that CentOS steps in and essentially becomes Fedora LTS to counter the Ubuntu LTS distros. It would be VERY nice to have something stable in the Red Hat family that can run the latest tools and utilities (and Chrome).
I tried using Ubuntu and just found it to be....clunky and I generally don't like the way Debian distros do startup scripts.
Trevor
On Thu, May 22, 2014 at 6:40 PM, Andrew Gilmore agilmore2@gmail.com wrote:
I expect a large portion of the current (non-paying!) CentOS community will feel hijacked.
This is going rapidly off-topic, so skip this one if you desire!
I've installed both the RHEL 7 beta and RC1. I've liked what I've seen so far, I just hope the churn in the program availability on the desktop is kept up with to the point that I can use current multi-media tools. I'm not hopeful.
Here's my current use of Linux: I admin two RHEL servers for work. I run Fedora 20 in a laptop VM and at home on the desktop, as well as a CentOS 6 server. I attempted to run a couple of CentOS 6 desktops at home, but failed miserably with multimedia and video-editing tools.
Since my recent bad experiences with Fedora 20, and hearing that Fedora is for working on, not to actually work, I'm reconsidering what to run on the desktop.
I almost installed Ubuntu the other day, because of their reputation to be more stable than Fedora and more up-to-date than RHEL. I'd rather not, but I may have to go there. Guess what I would then be recommending for the next OS refresh at work?
I've been using Redhat since 5.2 (that's 1998). It's a bit depressing.
On Thu, May 22, 2014 at 4:24 PM, Shawn Wells shawn@redhat.com wrote:
On 5/22/14, 6:14 PM, Andrew Gilmore wrote:
I don't get it. Reading this line from the FAQ "No, CentOS releases will follow shortly after the release of Red Hat Enterprise Linux source. " leads me to believe that CentOS will be largely usable as it has been, as a free, completely compatible version of RHEL. Yes, with challenges in errata availability, but that's the use case.
Suggesting that CentOS is going to be *upstream* of RHEL suggests several other valuable, but completely different, uses. I'm not sure this is a great move, as I see bigger challenges coming from the free and polished desktop side (*cough* Ubuntu).
https://community.redhat.com/centos-faq/#_centos_and_variants
The underlying perception is that historically RHEL6 == CentOS6. In the future, as CentOS develops into it's own community, the two will diverge measurably (which is a good thing for the community, IMO!). This allows Fedora to track closer to upstream, CentOS to serve special development platform needs, RHEL to serve enterprise. We may encounter a situation akin to Fedora 30, CentOS 10, RHEL 7... all on different release cycles, all with different spins and purposes.
RHEL 7 should be very interesting.
Download & play with the release candidate! https://access.redhat.com/site/products/Red_Hat_Enterprise_Linux/Get-Beta
I'd wager you're getting at the evolution of the community, though. And you're right. It'll be interesting.
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide@lists.fedorahosted.org
-
Andrew Gilmore -
Mike Johnson -
Shawn Wells -
Trevor Vaughan