#ansible-lockdown: Ansible Lockdown Working Group

Meeting started by cyberpear at 22:13:10 UTC (full logs).

Meeting summary

  1. Draft RHEL 8 STIG Review (cyberpear, 22:13:18)
  2. Draft RHEL 8 STIG Review (CAT 1) (cyberpear, 22:14:20)
    1. DISA should split 020330 into 2 rules (cyberpear, 22:28:45)
    2. DISA should drop 040060, since "The OpenSSH SSH daemon supports SSH protocol 2 only." (man 8 sshd) (cyberpear, 22:36:54)

  3. Draft RHEL 8 STIG Review (CAT 2) (cyberpear, 22:43:31)
    1. DISA might consider crypto-policies for 010080 but only if Red Hat fixes them to actually work (cyberpear, 22:46:15)
    2. DISA should split 010380 '"NOPASSWD" or "!authenticate"' as with RHEL 7; NOPASSWD is required w/ MFA (cyberpear, 23:02:20)
    3. DISA should fix 010390, esc is not required (as w/ latest RHEL 7 STIG changes) (cyberpear, 23:03:52)
    4. RH or DISA should handle offline PKI logins without the no_ocsp option (cyberpear, 23:05:33)
    5. DISA should allow 0640 mode on SSH host keys like RHEL 7 010490 (cyberpear, 23:08:32)
    6. investigate reversal of kdump requirement (cyberpear, 23:15:28)
    7. will pick up next time at 020000 (cyberpear, 23:23:05)


Meeting ended at 23:23:07 UTC (full logs).

Action items

  1. (none)


People present (lines said)

  1. cyberpear (42)
  2. zodbot (5)


Generated by MeetBot 0.1.4.