BoF at 14:00 in room Madrid !
Short: Debian doesn't provide a security guide in SCAP format, let's fix that. Long: SCAP guides are really nice for users because it's really easy "audit" (evaluate) one or many systems. Also, SCAP security guides can contain multiple profiles (Server, Desktop, Virtualisation Host...). Those profiles can further be customized by the user: enable/disable some checks, adjust threshold... The XML results can be also be converted in some nice HTML file with explanation, reference and remediation hints. The XML file could even be used for automatic remediation. In this BoF, I would like to discuss with interested parties on what should be done, how to do it, what should be supported, etc. I have grabbed some ideas/todo/pitfalls on this wiki pages: https://wiki.debian.org/SCAPGuide Franklin See: http://www.open-scap.org https://en.wikipedia.org/wiki/Security_Content_Automation_Protocol Security guides: https://fedorahosted.org/scap-security-guide/ (maintained) https://fedorahosted.org/sce-community-content/ (inactive since 2013) _______________________________________________ Debconf-discuss mailing list Debconf-discuss@lists.debconf.org http://lists.debconf.org/mailman/listinfo/debconf-discuss
