Re: [isar-cip-core PATCH 1/6] opt-security.yml: Sample settings to install security
Venkata Pyla
On Mon, Jun 29, 2020 at 05:26 PM, Daniel Sangorrin wrote:
I understood now, i will rebase the patches with master branch and i will resend the patches for review, sorry for the confusion-----Original Message-----It seems that opt-security.yaml was already removed in the security branch: Also, as we have talked in the meetings, it looks like the security layer at the moment is just adding some packages but don't you need to add configuration files to harden the final file system? For example, you may want to change the configuration of the ssh server so that passwords are not accepted (only ssh keys). And the same for the rest of packages. In that case, you probably want to create a new kas-security.yaml.Currently we don't have such configuration changes, but most probably in the future may be after discussion with Certification Body we may need to include configurations to fullfill the security requirement, we will keep this point in security WG discussions and get some consensus. Thanks,
|
|