= Proposed Self Contained Change: Security Policy In The Installer = https://fedoraproject.org/wiki/Changes/SecurityPolicyInTheInstaller Change owner(s): Vratislav Podzimek <vpodzime@xxxxxxxxxx> There are many known tips and tricks how to make a system more secure, often depending on the use case for the system. With the OSCAP Anaconda Addon [1] and the SCAP Security Guide [2] projects, we may allow users choosing a security policy for their newly installed system. == Detailed Description == The OSCAP Anaconda Addon is a project implementing an Anaconda installer addon integrating the installer with the OpenSCAP toolkit to provide nice UX when it comes to security policy application. Its kickstart and GUI support allows users choosing a security policy for the newly installed system in an easy and nicely scaling way. The SCAP Security Guide project on the other hand focuses on development of so-called SCAP content for Fedora, RHEL and other projects. A SCAP content is a set of XML files defining rules that should be followed by the system together with checks and fixes used to check and fix system's state. It also defines profiles selecting some of the rules (or groups of rules) targetting various use cases. == Scope == We are basically all set. Both OSCAP Anaconda Addon (OAA) and SCAP Security Guide (SSG) are packages that can be installed by lorax to the installation compose (distributed images). The addon is then detected and loaded by the installer and the SCAP content provided by the SSG is automatically detected and loaded by the addon. Of course a lot of future development is expected in both of the projects to provide additional features, but even the current state provides nice features and good UX. * Proposal owners: Bug fixing of both the OAA and SSG is expected to be required, but there are no known major bugs. Further development especially on the SSG side may be requried to provide more security policies for various products/spins/use cases. * Release engineering: Few simple changes in the lorax templates will be needed to make the OAA and SSG included in the installer images. Patches are already available and will be submitted to the lorax maintainer (Brian Lane) who has agreed to review and help with them. [1] https://fedorahosted.org/oscap-anaconda-addon/ [2] https://fedorahosted.org/scap-security-guide/ _______________________________________________ devel-announce mailing list devel-announce@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel-announce -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct