Red Hat Bugzilla – Bug 1284045
please add CNSS No. 1253 Profile from upstream
Last modified: 2016-05-10 17:40:36 EDT
Description of problem:
The current version of the SCAP Security Guide does not include the CNSS No. 1253 Profile, which is available from upstream.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. oscap info /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
Document type: XCCDF Checklist
Checklist version: 1.1
Referenced check files:
List of profiles should include:
Moving to POST, this has been already done in upstream. Thanks Andrew for raising this.
Note, to enable profile in distribution we also need this: https://github.com/OpenSCAP/scap-security-guide/pull/863
Another fix applicable to this profile (fixing invalid selectors):
Hello Iankko, I know it is just a nitpick, but would you consider changing a profile name a bit? With all other profile names we move to less abbreviated format, but this is left pretty dense... :)
Proposal [well, the abbreviation itself probably cannot be expanded in any reasonable way]:
CNSSI 1253 with criterions Low/Low/Low
(In reply to Marek Haicman from comment #8)
Thank you for checking this!
> Hello Iankko, I know it is just a nitpick, but would you consider changing a
> profile name a bit? With all other profile names we move to less abbreviated
> format, but this is left pretty dense... :)
> Proposal [well, the abbreviation itself probably cannot be expanded in any
> reasonable way]:
> CNSSI 1253 with criterions Low/Low/Low
Would "CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 6"
form be acceptable instead?
Those "Low/Low/Low" categorizations are important there (since they specify the overlays we are using in this profile) [*]
[*] Refer to: https://www.cnss.gov/CNSS/openDoc.cfm?6pTJzXxAC8oPWmAm+YQAsQ==
(page #4) (Section "2.3 RELATIONSHIP BETWEEN BASELINES AND OVERLAYS" for clarification what that overlay means)
Hello Jan, it works for me just fine, thanks! :)
(In reply to Marek Haicman from comment #10)
> Hello Jan, it works for me just fine, thanks! :)
Brilliant. Thanks for confirmation!
Upstream PR proposing this form is here:
Verified there is "CNSSI 1253 Low/Low/Low Control Baseline for Red Hat Enterprise Linux 6" profile in scap-security-guide-0.1.28-2.el6, and its content looks sane.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.