Bug#852415: RFS: scap-security-guide/0.1.31-6 [ITP] -- security guides and conformity checks using SCAP standard

To: team@security.debian.org
Cc: 852415@bugs.debian.org
Subject: Bug#852415: RFS: scap-security-guide/0.1.31-6 [ITP] -- security guides and conformity checks using SCAP standard
From: phil@reseau-libre.net
Date: Thu, 02 Feb 2017 15:27:48 +0100
Message-id: <[🔎] 0012eb9cb66dd5f025781bdf1c1da4a4@reseau-libre.net>
Reply-to: phil@reseau-libre.net, 852415@bugs.debian.org

Dear security team,

I'm contributor to scap-security-guide project for 2 years now and I'mlooking for a mentor for packaging the project into Debian.

SCAP-security-guide works with the OpenSCAP tool, which is alreadypackaged in Debian. As a Debian user, I'd like to make thescap-security-guide package available in the Debian distribution, afterhaving agreed with the upstream integrator on the fact that thepackaging work should be done by the Debian & Ubuntu distros.

The goal of this project is to generate SCAP XCCDF Benchmarks and Guidesfor various targets, not deployed by the OpenSCAP core package. In thisproject, I contribute on the following subjects :


- Debian support
- Ubuntu support
- ANSSI best-practices support

Using these guides/benchmarks, it is possible to validate conformity ofDebian-based deployments against standard security policies such asANSSI Best-practices, PCI-DSS, NIST SP-800... and to launch remediationscripts when needed. Using the OpenSCAP ecosystem, it is possible tomanage the security policy of a complete infrastructure, when launchingOpenSCAP tool through ssh (for e.g.) or on VM or docker templates.


The current source package has been posted on mentors :

Package name    : scap-security-guide
Version         : 0.1.31-6
Upstream Author : Watson Yuuma Sato (wsato@redhat.com)

URL:https://www.open-scap.org/security-policies/scap-security-guide/License : unlicenced(seehttps://github.com/OpenSCAP/scap-security-guide/blob/master/LICENSE)

Section         : admin

It builds those binary packages:

 ssg-base   - SCAP Security guide base content and documentation
 ssg-debian8 - SCAP Guides and benchmarks targeting Debian 8
 ssg-firefox - SCAP Guides and benchmarks targeting Firefox Browser

ssg-jre - SCAP Guides and benchmarks targeting Java RuntimeEnvironmentssg-rhel5 - SCAP Guides and benchmarks targeting Red-Hat EnterpriseLinux 5ssg-rhel6 - SCAP Guides and benchmarks targeting Red-Hat EnterpriseLinux 6ssg-rhel7 - SCAP Guides and benchmarks targeting Red-Hat EnterpriseLinux 7

 ssg-ubuntu1604 - SCAP Guides and benchmarks targeting Ubuntu 16.04
 ssg-webmin - SCAP Guides and benchmarks targeting Webmin

To access further information about this package, please visit thefollowing URL:


https://mentors.debian.net/package/scap-security-guide

Alternatively, one can download the package with dget using thiscommand:

dget -xhttps://mentors.debian.net/debian/pool/main/s/scap-security-guide/scap-security-guide_0.1.31-6.dsc

More information about scap-security-guide can be obtainedfromhttps://www.open-scap.org/security-policies/scap-security-guide

The repository is onhttps://github.com/OpenSCAP/scap-security-guide

Changes since the last upload:

* Various corrections for lintian conformity. Only pedantic andexperimental are still present.



 Regards,
   Philippe Thierry

Reply to:

Follow-Ups:
- Re: Bug#852415: RFS: scap-security-guide/0.1.31-6 [ITP] -- security guides and conformity checks using SCAP standard
  - From: Alec Leamas <leamas.alec@gmail.com>

Prev by Date: Bug#853896: RFS: osmose-emulator/1.0.0-1 [ITP] -- Sega Master System and Game Gear console emulator
Next by Date: Re: Bug#852415: RFS: scap-security-guide/0.1.31-6 [ITP] -- security guides and conformity checks using SCAP standard
Previous by thread: Re: RFC: jbig2enc -- JBIG2 encoder
Next by thread: Re: Bug#852415: RFS: scap-security-guide/0.1.31-6 [ITP] -- security guides and conformity checks using SCAP standard
Index(es):
- Date
- Thread