==================================
#ansible-lockdown: general project
==================================

Meeting started by defionscode at 16:01:03 UTC. The full logs are
available at
https://meetbot.fedoraproject.org/ansible-lockdown/2018-11-01/lockdown_working_group.2018-11-01-16.01.log.html .

Meeting summary
---------------
* LINK: https://github.com/ansible/community/issues/388#issuecomment-435033692 (defionscode, 16:03:28)
* AGREED: use benchparse to init new role (defionscode, 16:07:19)
* LINK: https://github.com/kubernetes/community/blob/master/github-management/kubernetes-repositories.md#sig-repositories (defionscode, 16:08:54)
* IDEA: model after k8s subprojects (defionscode, 16:09:09)
* AGREED: create ansible-lockdown org to house incubating roles (defionscode, 16:24:47)
* ACTION: defionscode to make org and role scaffolding for stigs (defionscode, 16:27:47)
* AGREED: create ansible-lockdown-incubator org for things not-yet-endorsed by lockdown maintainers as 'ready' (defionscode, 16:31:49)
* LINK: https://git.wiki.kernel.org/index.php/GitSubmoduleTutorial (shepdelacreme, 16:42:20)
* AGREED: create a submodule at /library to house patched modules in order to support older ansible releases (defionscode, 16:43:43)

* merger with ansible hardening (defionscode, 16:44:44)
  * LINK: https://meetbot.fedoraproject.org/ansible-lockdown/2018-10-17/hardening-lockdown_merger_first_steps.2018-10-17-14.04.html (cyberpear, 16:48:12)
  * ACTION: odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra (defionscode, 16:48:20)
  * LINK: https://meetbot.fedoraproject.org/ansible-lockdown/2018-10-17/hardening-lockdown_merger_first_steps.2018-10-17-14.04.html (odyssey4me, 16:49:02)
  * ACTION: odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do. (odyssey4me, 16:54:48)
  * ACTION: defionscode to add odyssey4me and cloudnull to active members list on the community page (defionscode, 16:59:25)

* how to best address manual and not remediated tasks (defionscode, 17:04:12)
  * IDEA: generate xccdf xml report that can be ingested into DISA's STIG viewer (defionscode, 17:10:30)
  * AGREED: callback plugin to output manual/nonremediated benchmark rules (defionscode, 17:15:33)
  * ACTION: defionscode to make mvp of callback plugin for manual/nonremediated rules (defionscode, 17:16:00)

* Style Guidelines (defionscode, 17:16:54)
  * AGREED: no line limit length, but allow for changes/commits that do line breaks/continuation (defionscode, 17:20:05)
  * AGREED: removing severity, audit, and patch tags; severity tags go to the include level in main.yml and audit/patch tags go away completely (defionscode, 17:22:09)
  * AGREED: rename fix-cat* to cat*.yml (defionscode, 17:25:00)
  * AGREED: blocks should be named, and should follow convention unless it's complex and further details are warranted (defionscode, 17:28:59)
  * AGREED: standardize on yes/no for BOOL (defionscode, 17:36:53)
  * AGREED: move away from "myvar|failed" to "myvar is failed" (defionscode, 17:39:42)
  * AGREED: once accepted into the upstream, use the scap_facts module to trigger failures in CI for roles (defionscode, 17:48:31)

Meeting ended at 17:53:02 UTC.

Action Items
------------
* defionscode to make org and role scaffolding for stigs
* odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra
* odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do.
* defionscode to add odyssey4me and cloudnull to active members list on the community page
* defionscode to make mvp of callback plugin for manual/nonremediated rules

Action Items, by person
-----------------------
* defionscode
  * defionscode to make org and role scaffolding for stigs
  * defionscode to add odyssey4me and cloudnull to active members list on the community page
  * defionscode to make mvp of callback plugin for manual/nonremediated rules
* odyssey4me
  * odyssey4me to follow up internally regarding ansible lockdown's use of openstack infra
  * odyssey4me to find out whether Rackspace wishes to add branding, and what the terms are if they do.
  * defionscode to add odyssey4me and cloudnull to active members list on the community page
* **UNASSIGNED**
  * (none)

People Present (lines said)
---------------------------
* defionscode (198)
* cyberpear (72)
* shepdelacreme (63)
* odyssey4me (20)
* cyberpear_ (5)
* zodbot (5)
* mnaser (3)
* alikins_ (1)

Generated by `MeetBot`_ 0.1.4

.. _`MeetBot`: http://wiki.debian.org/MeetBot