I'm in a similar boat. I fear I've not spent much time looking at the
SCAP stuff since 7.2....
Pat
On 9/13/19 2:14 PM, Kraus, Dave (GE Healthcare) wrote:
> Ok. I had a feeling that was the case.
>
> Anything in particular you'd like me to dig deeper into? Some bits of the enable_derivatives.py seem to be where I'd suspect breakage, but I haven't figured a way to tap into them easily...
>
> On 9/13/19, 8:09 AM, "[log in to unmask] on behalf of Pat Riehecky" <[log in to unmask] on behalf of [log in to unmask]> wrote:
>
> This is unexpected behavior. We should probably trace down the cause
> and get something opened upstream.
>
> Pat
>
> On 9/12/19 5:26 PM, Kraus, Dave (GE Healthcare) wrote:
> > So, here I am, patching up scap-security-guide for our rebranding. Slight edit to my patch, no big deal, rpmbuild comes out clean. But when I go to pick a security profile during install, or go to pick a profile in scap-workbench (or output from oscap info), I only see "Standard System Security Profile for Red Hat Enterprise Linux 7" and "PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 7", rather than the 10 or so that I got in 7.6.
> >
> > That's odd. Usually, I get either nothing, or everything.
> >
> > Wonder what a base SL 7.7 does?
> >
> > Huh. The anaconda Security Profile spoke gives me nothing to choose.
> >
> > Install, add scap-workbench and dependencies, bring it up, I get the same 2 profiles as ours, at least, so it's not just me.
> >
> > Yum downgrade to the 7.6 package (0.1.40-12.sl7) and I see all the profiles I expect.
> >
> > The last CentOS update to 7.6.1810 I have is 0.1.40, so probably not worth checking at this point.
> >
> > So, ultimately, is this condition expected/correct, or do we have upstream bugs to work out and report?
> >
> > (Mostly I'm trying to determine how much more effort I need to put into this. At this moment our 0.1.40-12.distro7 version will probably be put into our 7.7...)
> >
> >
>
> --
> Pat Riehecky
>
> Fermi National Accelerator Laboratory
> http://www.fnal.gov
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.scientificlinux.org&d=DwIGaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbBYBgsCHS7vSr83lHQ-aa58eXICk1KkzZlAHgohLRRrX&m=gFkdicHkC0xTAW6KVkPDqz8nQycnh6BokKaGQq3D1KA&s=k2yL22d-BEVa4Rm6WrtZx7JJIxhrcsNH43KS-tfuYec&e=
>
>
--
Pat Riehecky
Fermi National Accelerator Laboratory
www.fnal.gov
www.scientificlinux.org
|