2072
Comment:
|
2181
|
Deletions are marked like this. | Additions are marked like this. |
Line 31: | Line 31: |
* Package [[https://tracker.debian.org/pkg/scap-security-guide|scap-security-guide]] (Bug:856425) (in NEW) |
Debian SCAP Guide
This page is a TODO/IDEAS list to implement a SCAP guide for Debian. Debian automatically generates and publishes OVAL information for use by SCAP.
TODO
- Define the Profiles we want.
What are Debian CPEs (platform, family?). Many CPEs can be found in the testing security SVN repostory, svn+ssh://svn.debian.org/svn/secure-testing, in the data/CPE/ directory. In addition, some source packages include the known CPEs for the package in debian/upstream/metadata).
- Define distribution we target (typically: testing then stable)
- How to let our derivative fork easily?
- How to cooperate with scap-security-guide
- support various guides/test suites for Debian (and others ?)
- support generated remediation files (ansible, anaconda, puppet, bash) for Debian (and others ?)
- Test infrastructure?
- defining preseeds for hardened config ? (like RHEL kickstart in upstream SCAP security guide) to check security profiles (cf. RHEL/6/tests/kickstart dir in SSG upstream)
- Dashboard)
- Compare: our supported checks, upstream checks, and a wishlist.
- Each SCAP probe should be tested, both in unstable and testing
- Each Debian distribution should be evaluated, for each relevant profile.
- Write docs
- Define communication channels so contributors can follow and participate (IRC, mailing list, etc.)
Later...
- Translating the SCAP guide
- Support older distribution
- provide framework so maintainers can provide probes in their packages
Done
Make sure outdated OVAL information for Debian is updated.
Package scap-workbench (750138)
Package scap-security-guide (856425) (in NEW)
Upstream references sources
OpenSCAP: https://github.com/OpenSCAP/openscap
SCAP-Workbench: https://github.com/OpenSCAP/scap-workbench
SCAP-security-guide: https://github.com/OpenSCAP/scap-security-guide