SCAP security guide and tools BoF (automatic verification of security configuration)

BoF at 14:00 in room Madrid!

Debian doesn't provide a security guide in SCAP format; let's fix that.

SCAP guides are really nice for users because they make it really easy
to "audit" (evaluate) one or many systems. Also, SCAP security guides can
contain multiple profiles (Server, Desktop, Virtualisation Host...).
Those profiles can be further customized by the user: enable/disable
some checks, adjust thresholds...

The XML results can also be converted into a nice HTML file with
explanations, references and remediation hints. The XML file could even be
used for automatic remediation.

In this BoF, I would like to discuss with interested parties what
should be done, how to do it, what should be supported, etc.

I have grabbed some ideas/todos/pitfalls on this wiki page:


Security guides:
https://fedorahosted.org/scap-security-guide/ (maintained)
https://fedorahosted.org/sce-community-content/ (inactive since 2013)

