Hello everybody,
I've just created a Fedora 21 feature proposal [1] with the goal of
adding the OSCAP Anaconda Addon and SCAP Security Guide to the
default/official Fedora 21 installer images (composes) to improve user
experience by allowing users to choose security policy for their newly
installed system and to promote the two projects, make them more widely
used and to attract more developers and contributors.
[1] https://fedoraproject.org/wiki/Changes/SecurityPolicyInTheInstaller
--
Vratislav Podzimek
Anaconda Rider | Red Hat, Inc. | Brno - Czech Republic
A new version of the OSCAP Anaconda Addon is now available. [1] Changes
compared to the version 0.4 (previous release with a compose created)
are as follows:
0.6
----
* fixed threading issues when changing content
* fixed issues with updating GUI when switching to dry-run mode and back
* fixed build issues related to translations
0.5
----
* support for hash-based integrity checking (see KickstartDocumentation)
* fixed issues with extraction errors
* support for FTP as a content source (see KickstartDocumentation)
* support for the default profile (see KickstartDocumentation)
* translations enabled
* support for SCAP Security Guide (see KickstartDocumentation)
* SCAP Security Guide auto-detection
* dry-run mode (not applying security policy)
* added a way to change content in the GUI
Try it and submit bugs and feature requests to bugzilla
(oscap-anaconda-addon) or Trac system [1]!
[1] https://fedorahosted.org/oscap-anaconda-addon
--
Vratislav Podzimek
Anaconda Rider | Red Hat, Inc. | Brno - Czech Republic
Hello everybody,
I'd like to ask you for a favour. In the development cycle of the
release 0.5 of the OSCAP Anaconda Addon, I've added an autodetection of
the SCAP Security Guide content which means that if the
scap-security-guide package is installed in the compose and no other
content is specified in the kickstart file, the addon automatically
loads SSG content. I believe this brings us a big improvement in UX for
testing and finally moves us closer to including the OAA+SSG in the
default composes for next Fedora (and others) release.
However, this also brings the need to allow user changing the content
used by the addon (to switch from autodetected SSG to some different
content) and "not applying" content to the system (to easily turn of the
functionality once it gets included in the default composes). Turns out
it's quite hard to come up with the right widgets and proper labels
(wording) that would explain user what's going on.
The two mockup suggestions I've made so far are:
1. http://vpodzime.fedorapeople.org/OAA_control_buttons.png
2. http://vpodzime.fedorapeople.org/OAA_control_buttons2.png
The 1. uses a GtkToggleButton that can be pushed down and stays in that
state and I think it should have some better wording catching the
process -- something like "Applying security rules"/"Ignoring security
rules" -- that would change when the button is toggled.
The 2. uses a switch which relies on the related label next to it and
again even in this case, the right wording of the label is the key, I
think. What about "Apply security rules"?
Please keep in mind the fact, that we would like this screen to be shown
even to unexperienced users who have no idea about SCAP and the special
terms/keywords it uses. We don't want to confuse users and we want to
give them an easy way to opt out.
Any suggestions welcome! I'd like to release OAA 0.5 by the end of this
week, so it will come with the best layout and wording we will be able
to come up till that time.
Thanks,
--
Vratislav Podzimek
Anaconda Rider | Red Hat, Inc. | Brno - Czech Republic