Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-13 Thread Jan Lieskovsky
> There are many known tips and tricks how to make a system more secure, often > depending on the use case for the system. With the OSCAP Anaconda Addon [1] > and the SCAP Security Guide [2] projects, we may allow users choosing a > security policy for their newly installed system. > > What is the

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-13 Thread Jan Lieskovsky
> > There are many known tips and tricks how to make a system more secure, > > often > > depending on the use case for the system. With the OSCAP Anaconda Addon [1] > > and the SCAP Security Guide [2] projects, we may allow users choosing a > > security policy for their newly installed system. > >

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-13 Thread Jan Lieskovsky
> > How would this alter the default user installation experience? Please have a look at the demo images / videos available at: https://fedorahosted.org/oscap-anaconda-addon/wiki/Demos Basically there would be one "SECURITY" section added (with "SECURITY PROFILE" subsection) into the Anaconda'

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-13 Thread Jan Lieskovsky
> On Thu, Mar 13, 2014 at 01:40:53PM -0400, Jan Lieskovsky wrote: > > > Of course, in the case they wouldn't like to configure any security > > policy and use just vanilla Fedora installation, they can "ignore" > > the security section, configure just those

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 Thread Jan Lieskovsky
> On Thu, Mar 13, 2014 at 02:45:58PM -0400, Jan Lieskovsky wrote: > > > The demos seem to cover the case where there's already data provided > > > from the Kickstart file. What options are presented to the user if > > > there's no oscap entry in Kick

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 Thread Jan Lieskovsky
> Existing NIST and Red Hat documentation on OpenSCAP says that it's for > enterprise-level Linux infrastructure. The possibilities of SCAP protocol: [1] http://scap.nist.gov/ [2] http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf [3] http://en.wikipedia.org/wiki/Securit

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 Thread Jan Lieskovsky
> - Original Message - > > > > > > Existing NIST and Red Hat documentation on OpenSCAP says that it's for > > enterprise-level Linux infrastructure. Is any Fedora 21 product targeted > > mainly for enterprise deployment? Is OpenSCAP being retargeted for general > > purpose level infrastru

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 Thread Jan Lieskovsky
> On Fri, Mar 14, 2014 at 06:25:03AM -0400, Jan Lieskovsky wrote: > > > One hypothetical [*] scenario coming to my mind being the users might be > > willing to provide customized policy content to Fedora installation. Let's > > suppose the case there is a SCAP conte

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 Thread Jan Lieskovsky
> Jan Lieskovsky (jlies...@redhat.com) said: > > > Is any Fedora 21 product targeted > > > mainly for enterprise deployment? > > > > The vice versa view. Rather effort to use security configuration, > > vulnerability and patch > > management also in

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-14 Thread Jan Lieskovsky
> On Fri, Mar 14, 2014 at 09:25:16AM -0400, Eric H. Christensen wrote: > > > I disagree with this assessment. The workstation is exactly where much of > > these hardening needs to take place. I can't see an installation that > > wouldn't benefit from this feature. > > If there's a default polic

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-17 Thread Jan Lieskovsky
Thank you for the proposal, Bill. - Original Message - > From: "Bill Nottingham" > Vratislav Podzimek (vpodz...@redhat.com) said: > > Thanks for your feedback, it definitely is constructive! I've recorded a > > video preview demonstrating the feature's functionality. Hope that > > answers

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-17 Thread Jan Lieskovsky
> > Can you be more concrete which term(s) you don't understand? Maybe you are > > right and the concept needs to be better explained / presented differently > > prior wider adoption [**]. > > What is a "Data stream"? What is a "Checklist"? How do I know which ones > to pick? Datastream is one of

Re: F21 Self Contained Change: Security Policy In The Installer

2014-03-17 Thread Jan Lieskovsky
- Original Message - > From: "Chris Murphy" > On Mar 14, 2014, at 1:06 PM, "Eric H. Christensen" > wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > On Fri, Mar 14, 2014 at 06:59:18PM +, Matthew Garrett wrote: > >> On Fri, Mar 14, 2014 at 02:57:33PM -0400, Ste

Re: fedpkg update returning internal server error

2014-05-14 Thread Jan Lieskovsky
- Original Message - > From: "Flavio Leitner" > To: devel@lists.fedoraproject.org > Sent: Wednesday, May 14, 2014 6:29:07 PM > Subject: fedpkg update returning internal server error > > Hi, > > I am trying to push openvswitch to f20, but I am receiving this: > > [makerpm@t520 openvswitc

Self Introduction

2013-08-28 Thread Jan Lieskovsky
Hello guys, I have recently joined the Red Hat Security Technologies Team, here in Brno, to help co-maintain pyOpenSSL and authconfig packages (besides other responsibilities in the team). I have previously worked for Red Hat Security Response Team, so some of you might know me already due to

Review Request: scap-security-guide - Security guidance and baselines in SCAP formats

2013-10-14 Thread Jan Lieskovsky
Hello guys, have submitted review request for scap-security-guide rpm for Fedora: [1] https://bugzilla.redhat.com/show_bug.cgi?id=1018905 The goal of the Fedora scap-security-rpm project is: * provide primary SCAP protocol content for oscap / scap-workbench, intended for use for scanning of

Re: Review Request: scap-security-guide - Security guidance and baselines in SCAP formats

2013-10-15 Thread Jan Lieskovsky
Thanks Peter. Noticed && replied. Will reply / deal with Zbigniew's comments (c#4) yet too. Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team - Original Message - > From: "Peter Vrabec" > To: "Jan Lieskovsky" >

Re: Self Introduction: Vit Mojzis

2016-08-09 Thread Jan Lieskovsky
> > Hi, > my name is Vit Mojzis, new addition to SELinux team. > In the foreseeable future I'll be co-maintaining SELinux userspace tools. > Though fresh out of school, I'm a quick study and hope to become a valuable > member of Fedora Project. Welcome to the Fedora contributors community, Vit!

Proper setting of %ghost file spec section in order to rpm -V to be silent wrt to mode differs ('M') change - handling db & log files

2015-02-05 Thread Jan Lieskovsky
Hello folks, (apologize for the wide distribution, hopefully someone would be able to help me with the issue below). we develop a tool performing security scans / audits of the system. This tool is able to compare the system in question against various rules. And one of these rules ('Verify

How to escape question mark / equality sign in spec's source URI to get proper source name

2013-11-14 Thread Jan Lieskovsky
Hello guys, I have one source which has the form of (in the last part of its URI): "checklist-cce-feed?id=295" (the source doesn't seem to be available otherwise than via aforementioned query string - or at least I wasn't able to obtain its final location past the query => if you known th

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Jan Lieskovsky
- Original Message - > From: "mrnuke" > To: devel@lists.fedoraproject.org > Sent: Thursday, December 5, 2013 3:37:14 PM > Subject: Re: FTBFS if "-Werror=format-security" flag is used > > On 12/05/2013 07:38 AM, Ralf Corsepius wrote: > > As I see it, GCC's -Wformat-security is too unreliab

Re: FTBFS if "-Werror=format-security" flag is used

2013-12-05 Thread Jan Lieskovsky
- Original Message - > From: "Ralf Corsepius" > To: devel@lists.fedoraproject.org > Sent: Thursday, December 5, 2013 7:11:19 PM > Subject: Re: FTBFS if "-Werror=format-security" flag is used > > On 12/05/2013 06:38 PM, Michael scherer wrote: > > On Wed, Dec 04, 2013 at 08:25:54PM -0600, m