Differences between revisions 1 and 8 (spanning 7 versions)
Revision 1 as of 2015-08-18 10:02:15
Size: 763
Editor: FranklinPiat
Comment: Initial commit!
Revision 8 as of 2017-02-02 21:55:03
Size: 1487
Editor: ?PetterReinholdtsen
Comment: Make note that scap-workbench is in Debian now.
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
This page is a TODO/IDEAS list to implement a SCAP guide for Debian.
This page is a TODO/IDEAS list to implement a SCAP guide for Debian.  Debian automatically generates and publishes [[https://www.debian.org/security/oval/|OVAL information]] for use by SCAP.
Line 7: Line 6:
Line 8: Line 8:
 * What are Debian CPEs (platform, family?)  * What are Debian CPEs (platform, family?). Many CPEs can be found in the testing security SVN repostory, svn+ssh://svn.debian.org/svn/secure-testing, in the data/CPE/ directory. In addition, some source packages include the known CPEs for the package in debian/upstream/metadata).
Line 18: Line 18:
 * Define communication channels so contributors can follow and participate (IRC, mailing list, etc.)
Line 23: Line 24:
== Done ==
 * Make sure [[Bug:738199|outdated]] OVAL information for Debian is updated.
 * Package [[https://tracker.debian.org/pkg/openscap|openscap]] (Bug:522265)
 * Package [[https://tracker.debian.org/pkg/scap-workbench|scap-workbench]] (Bug:750138)

Debian SCAP Guide

This page is a TODO/IDEAS list to implement a SCAP guide for Debian. Debian automatically generates and publishes OVAL information for use by SCAP.

TODO

  • Define the Profiles we want.
  • What are Debian CPEs (platform, family?). Many CPEs can be found in the testing security SVN repostory, svn+ssh://svn.debian.org/svn/secure-testing, in the data/CPE/ directory. In addition, some source packages include the known CPEs for the package in debian/upstream/metadata).

  • Define distribution we target (typically: testing then stable)
  • How to let our derivative fork easily?
  • How to cooperate with scap-security-guide
  • Test infrastructure?
  • Dashboard
    • Compare: our supported checks, upstream checks, and a wishlist.
    • Each SCAP probe should be tested, both in unstable and testing
    • Each Debian distribution should be evaluated, for each relevant profile.
  • Write docs
  • Define communication channels so contributors can follow and participate (IRC, mailing list, etc.)

Later...

  • Translating the SCAP guide
  • Support older distribution
  • provide framework so maintainers can provide probes in their packages

Done