=================================================
#ansible-lockdown: Ansible Lockdown Working Group
=================================================

Meeting started by cyberpear at 22:13:10 UTC. The full logs are
available at
https://meetbot.fedoraproject.org/ansible-lockdown/2020-05-27/ansible_lockdown_working_group.2020-05-27-22.13.log.html
.

Meeting summary
---------------
* Draft RHEL 8 STIG Review (cyberpear, 22:13:18)

* Draft RHEL 8 STIG Review (CAT 1) (cyberpear, 22:14:20)

  * DISA should split 020330 into 2 rules (cyberpear, 22:28:45)
  * DISA should drop 040060, since "The OpenSSH SSH daemon supports SSH
    protocol 2 only." (man 8 sshd) (cyberpear, 22:36:54)

* Draft RHEL 8 STIG Review (CAT 2) (cyberpear, 22:43:31)

  * DISA might consider crypto-policies for 010080 but only if Red Hat
    fixes them to actually work (cyberpear, 22:46:15)
  * DISA should split 010380 '"NOPASSWD" or "!authenticate"' as with
    RHEL 7; NOPASSWD is required w/ MFA (cyberpear, 23:02:20)
  * DISA should fix 010390, esc is not required (as w/ latest RHEL 7
    STIG changes) (cyberpear, 23:03:52)
  * RH or DISA should handle offline PKI logins without no_ocsp option
    (cyberpear, 23:05:33)
  * DISA should allow 0640 mode on SSH host keys like RHEL 7 010490
    (cyberpear, 23:08:32)
  * investigate reversal of kdump requirement (cyberpear, 23:15:28)
  * will pick up next time at 020000 (cyberpear, 23:23:05)

Meeting ended at 23:23:07 UTC.

Action Items
------------

Action Items, by person
-----------------------
* **UNASSIGNED**

  * (none)

People Present (lines said)
---------------------------
* cyberpear (42)
* zodbot (5)

Generated by `MeetBot`_ 0.1.4

.. _`MeetBot`: http://wiki.debian.org/MeetBot