= Debian SCAP Guide = This page is a TODO/IDEAS list to implement a SCAP guide for Debian. Debian automatically generates and publishes [[https://www.debian.org/security/oval/|OVAL information]] for use by SCAP. == TODO == * Define the Profiles we want. * What are Debian CPEs (platform, family?). Many CPEs can be found in the testing security SVN repostory, svn+ssh://svn.debian.org/svn/secure-testing, in the data/CPE/ directory. In addition, some source packages include the known CPEs for the package in debian/upstream/metadata). * Define distribution we target (typically: testing then stable) * How to let our derivative fork easily? * How to cooperate with scap-security-guide * support various guides/test suites for Debian (and others ?) * support generated remediation files (ansible, anaconda, puppet, bash) for Debian (and others ?) * Test infrastructure? * defining preseeds for hardened config ? (like RHEL kickstart in upstream SCAP security guide) to check security profiles (cf. RHEL/6/tests/kickstart dir in SSG upstream) * Dashboard) * Compare: our supported checks, upstream checks, and a wishlist. * Each SCAP probe should be tested, both in unstable and testing * Each Debian distribution should be evaluated, for each relevant profile. * Write docs * Define communication channels so contributors can follow and participate (IRC, mailing list, etc.) Later... * Translating the SCAP guide * Support older distribution * provide framework so maintainers can provide probes in their packages == Done == * Make sure [[Bug:738199|outdated]] OVAL information for Debian is updated. * Package [[https://tracker.debian.org/pkg/openscap|openscap]] (Bug:522265) * Package [[https://tracker.debian.org/pkg/scap-workbench|scap-workbench]] (Bug:750138) * Package [[https://tracker.debian.org/pkg/scap-security-guide|scap-security-guide]] (Bug:856425) * Package [[https://tracker.debian.org/pkg/openscap-daemon|openscap-daemon]] (Bug:860126) * Wiki page on using SCAP tools and policies: https://wiki.debian.org/UsingSCAP == Upstream references sources == * OpenSCAP: [[https://github.com/OpenSCAP/openscap]] * SCAP-Workbench: [[https://github.com/OpenSCAP/scap-workbench]] * SCAP-security-guide: [[https://github.com/OpenSCAP/scap-security-guide]] * OpenSCAP-daemon: [[https://github.com/OpenSCAP/openscap-daemon]] == debian pkg VCS repositories == * SCAP-security-guide: [[https://github.com/pthierry38/scap-security-guide]] * openscap-daemon: [[https://github.com/pthierry38/openscap-daemon]]