lockdown_working_group
16.01
November 01, 2018
ansible-lockdown
#ansible-lockdown: general project
Meeting started by defionscode at 16:01:03 UTC (full logs).
Meeting summary
https://github.com/ansible/community/issues/388#issuecomment-435033692 (defionscode, 16:03:28)
AGREED: use benchparse to init new role (defionscode, 16:07:19)
https://github.com/kubernetes/community/blob/master/github-management/kubernetes-repositories.md#sig-repositories (defionscode, 16:08:54)
IDEA: model after k8s subprojects (defionscode, 16:09:09)
AGREED: create ansible-lockdown org to house incubating roles (defionscode, 16:24:47)
ACTION: defionscode to make org and role scaffolding for stigs (defionscode, 16:27:47)
AGREED: create ansible-lockdown-incubator org for things not-yet-endorsed by lockdown maintainers as 'ready' (defionscode, 16:31:49)
https://git.wiki.kernel.org/index.php/GitSubmoduleTutorial (shepdelacreme, 16:42:20)
AGREED: create a submodule at /library to house patched modules in order to support older ansible releases (defionscode, 16:43:43)
merger with ansible hardening (defionscode, 16:44:44)
https://meetbot.fedoraproject.org/ansible-lockdown/2018-10-17/hardening-lockdown_merger_first_steps.2018-10-17-14.04.html (cyberpear, 16:48:12)
ACTION: odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra (defionscode, 16:48:20)
https://meetbot.fedoraproject.org/ansible-lockdown/2018-10-17/hardening-lockdown_merger_first_steps.2018-10-17-14.04.html (odyssey4me, 16:49:02)
ACTION: odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do. (odyssey4me, 16:54:48)
ACTION: defionscode to add odyssey4me and cloudnull to active members list on the community page (defionscode, 16:59:25)
how to best address manual and not remediated tasks (defionscode, 17:04:12)
IDEA: generate xccdf xml report that can be ingested into DISA's STIG viewer (defionscode, 17:10:30)
AGREED: callback plugin to output manual/nonremediated benchmark rules (defionscode, 17:15:33)
ACTION: defionscode to make mvp of callback plugin for manual/nonremediated rules (defionscode, 17:16:00)
Style Guidelines (defionscode, 17:16:54)
AGREED: no line limit length, but allow for changes/commits that do line breaks/continuation (defionscode, 17:20:05)
AGREED: removing severity, audit, and patch tags; severity tags go to the include level in main.yml and audit/patch tags go away completely (defionscode, 17:22:09)
AGREED: rename fix-cat* to cat*.yml (defionscode, 17:25:00)
AGREED: blocks should be named, and should follow convention unless it's complex and further details are warranted (defionscode, 17:28:59)
AGREED: standardize on yes/no for BOOL (defionscode, 17:36:53)
AGREED: move away from "myvar|failed" to "myvar is failed" (defionscode, 17:39:42)
AGREED: once accepted into the upstream, use the scap_facts module to trigger failures in CI for roles (defionscode, 17:48:31)
Meeting ended at 17:53:02 UTC (full logs).
Action items
defionscode to make org and role scaffolding for stigs
odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra
odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do.
defionscode to add odyssey4me and cloudnull to active members list on the community page
defionscode to make mvp of callback plugin for manual/nonremediated rules
Action items, by person
defionscode
defionscode to make org and role scaffolding for stigs
defionscode to add odyssey4me and cloudnull to active members list on the community page
defionscode to make mvp of callback plugin for manual/nonremediated rules
odyssey4me
odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra
odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do.
defionscode to add odyssey4me and cloudnull to active members list on the community page
People present (lines said)
defionscode (198)
cyberpear (72)
shepdelacreme (63)
odyssey4me (20)
cyberpear_ (5)
zodbot (5)
mnaser (3)
alikins_ (1)
Generated by MeetBot 0.1.4.