Bug#852415: RFS: scap-security-guide/0.1.31-6 [ITP] -- security guides and conformity checks using SCAP standard
Dear security team,
I've been a contributor to the scap-security-guide project for 2 years
now and I'm looking for a mentor for packaging the project into Debian.
SCAP-security-guide works with the OpenSCAP tool, which is already
packaged in Debian. As a Debian user, I'd like to make the
scap-security-guide package available in the Debian distribution, after
having agreed with the upstream integrator on the fact that the
packaging work should be done by the Debian & Ubuntu distros.
The goal of this project is to generate SCAP XCCDF Benchmarks and Guides
for various targets, not deployed by the OpenSCAP core package. In this
project, I contribute on the following subjects :
- Debian support
- Ubuntu support
- ANSSI best-practices support
Using these guides/benchmarks, it is possible to validate conformity of
Debian-based deployments against standard security policies such as
ANSSI Best-practices, PCI-DSS, NIST SP-800... and to launch remediation
scripts when needed. Using the OpenSCAP ecosystem, it is possible to
manage the security policy of a complete infrastructure, when launching
OpenSCAP tool through ssh (for e.g.) or on VM or docker templates.
The current source package has been posted on mentors:
  Package name    : scap-security-guide
  Version         : 0.1.31-6
  Upstream Author : Watson Yuuma Sato (wsato@redhat.com)
  URL             : https://www.open-scap.org/security-policies/scap-security-guide/
  License         : unlicenced (see https://github.com/OpenSCAP/scap-security-guide/blob/master/LICENSE)
  Section         : admin
It builds those binary packages:
  ssg-base       - SCAP Security guide base content and documentation
  ssg-debian8    - SCAP Guides and benchmarks targeting Debian 8
  ssg-firefox    - SCAP Guides and benchmarks targeting Firefox Browser
  ssg-jre        - SCAP Guides and benchmarks targeting Java Runtime Environment
  ssg-rhel5      - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 5
  ssg-rhel6      - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 6
  ssg-rhel7      - SCAP Guides and benchmarks targeting Red-Hat Enterprise Linux 7
  ssg-ubuntu1604 - SCAP Guides and benchmarks targeting Ubuntu 16.04
  ssg-webmin     - SCAP Guides and benchmarks targeting Webmin
To access further information about this package, please visit the
following URL:
https://mentors.debian.net/package/scap-security-guide
Alternatively, one can download the package with dget using this
command:
  dget -x https://mentors.debian.net/debian/pool/main/s/scap-security-guide/scap-security-guide_0.1.31-6.dsc
More information about scap-security-guide can be obtained
from https://www.open-scap.org/security-policies/scap-security-guide
The repository is on https://github.com/OpenSCAP/scap-security-guide
Changes since the last upload:
* Various corrections for lintian conformity. Only pedantic and
experimental are still present.
Regards,
Philippe Thierry