SCIENTIFIC-LINUX-DEVEL Archives

September 2019

SCIENTIFIC-LINUX-DEVEL@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: scap-security-guide-0.1.43 problems?
From:
Pat Riehecky <[log in to unmask]>
Reply To:
Pat Riehecky <[log in to unmask]>
Date:
Fri, 13 Sep 2019 14:22:57 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (54 lines) 
I'm in a similar boat.  I fear I've not spent much time looking at the 
SCAP stuff since 7.2....

Pat

On 9/13/19 2:14 PM, Kraus, Dave (GE Healthcare) wrote:
> Ok. I had a feeling that was the case.
>
> Anything in particular you'd like me to dig deeper into? Some bits of the enable_derivatives.py seem to be where I'd suspect breakage, but I haven't figured a way to tap into them easily...
>
> On 9/13/19, 8:09 AM, "[log in to unmask] on behalf of Pat Riehecky" <[log in to unmask] on behalf of [log in to unmask]> wrote:
>
>      This is unexpected behavior.  We should probably trace down the cause
>      and get something opened upstream.
>      
>      Pat
>      
>      On 9/12/19 5:26 PM, Kraus, Dave (GE Healthcare) wrote:
>      > So, here I am, patching up scap-security-guide for our rebranding. Slight edit to my patch, no big deal, rpmbuild comes out clean. But when I go to pick a security profile during install, or go to pick a profile in scap-workbench (or output from oscap info), I only see "Standard System Security Profile for Red Hat Enterprise Linux 7" and "PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7", rather than the 10 or so that I got in 7.6.
>      >
>      > That's odd. Usually, I get either nothing, or everything.
>      >
>      > Wonder what a base SL 7.7 does?
>      >
>      > Huh. The anaconda Security Profile spoke gives me nothing to choose.
>      >
>      > Install, add scap-workbench and dependencies, bring it up, I get the same 2 profiles as ours, at least, so it's not just me.
>      >
>      > Yum downgrade to the 7.6 package (0.1.40-12.sl7) and I see all the profiles I expect.
>      >
>      > The last CentOS update to 7.6.1810 I have is 0.1.40, so probably not worth checking at this point.
>      >
>      > So, ultimately, is this condition expected/correct, or do we have upstream bugs to work out and report?
>      >
>      > (Mostly I'm trying to determine how much more effort I need to put into this. At this moment our 0.1.40-12.distro7 version will probably be put into our 7.7...)
>      >
>      >
>      
>      --
>      Pat Riehecky
>      
>      Fermi National Accelerator Laboratory
>      http://www.fnal.gov
>      https://urldefense.proofpoint.com/v2/url?u=http-3A__www.scientificlinux.org&d=DwIGaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=gFkdicHkC0xTAW6KVkPDqz8nQycnh6BokKaGQq3D1KA&s=k2yL22d-BEVa4Rm6WrtZx7JJIxhrcsNH43KS-tfuYec&e=
>      
>

-- 
Pat Riehecky

Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org

ATOM RSS1 RSS2