Bug 1284045
Summary: | please add CNSS No. 1253 Profile from upstream | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Andrew Shewmaker <shewa> |
Component: | scap-security-guide | Assignee: | Jan Lieskovsky <jlieskov> |
Status: | CLOSED ERRATA | QA Contact: | Marek Haicman <mhaicman> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.7 | CC: | jlieskov, ksrot, mhaicman, openscap-maint, slukasik |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | scap-security-guide-0.1.28-2.el6 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-05-10 21:40:36 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Andrew Shewmaker
2015-11-20 16:06:29 UTC
Moving to POST, this has been already done in upstream. Thanks Andrew for raising this. Note, to enable profile in distribution we also need this: https://github.com/OpenSCAP/scap-security-guide/pull/863 Another fix applicable to this profile (fixing invalid selectors): https://github.com/OpenSCAP/scap-security-guide/pull/904 Hello Iankko, I know it is just a nitpick, but would you consider changing a profile name a bit? With all other profile names we move to less abbreviated format, but this is left pretty dense... :) Proposal [well, the abbreviation itself probably cannot be expanded in any reasonable way]: CNSSI 1253 with criterions Low/Low/Low (In reply to Marek Haicman from comment #8) @Marek Thank you for checking this! > Hello Iankko, I know it is just a nitpick, but would you consider changing a > profile name a bit? With all other profile names we move to less abbreviated > format, but this is left pretty dense... :) > > Proposal [well, the abbreviation itself probably cannot be expanded in any > reasonable way]: > CNSSI 1253 with criterions Low/Low/Low Would "CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 6" form be acceptable instead? Those "Low/Low/Low" categorizations are important there (since they specify the overlays we are using in this profile) [*] [*] Refer to: https://www.cnss.gov/CNSS/openDoc.cfm?6pTJzXxAC8oPWmAm+YQAsQ== (page #4) (Section "2.3 RELATIONSHIP BETWEEN BASELINES AND OVERLAYS" for clarification what that overlay means) Thanks, Jan. Hello Jan, it works for me just fine, thanks! :) (In reply to Marek Haicman from comment #10) > Hello Jan, it works for me just fine, thanks! :) Brilliant. Thanks for confirmation! Upstream PR proposing this form is here: https://github.com/OpenSCAP/scap-security-guide/pull/1032 Verified there is "CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 6" profile in scap-security-guide-0.1.28-2.el6, and its content looks sane. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-0846.html |