14:05:52 <lhinds> #startmeeting Sec Group 29/06
14:05:52 <collabot`> Meeting started Wed Jun 29 14:05:52 2016 UTC. The chair is lhinds. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:05:52 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:05:52 <collabot`> The meeting name has been set to 'sec_group_29_06'
14:06:05 <lhinds> ok, not sure where Sona is.
14:06:13 <lhinds> #topic Agenda
14:06:22 <lhinds> #link https://etherpad.opnfv.org/p/opnfv-sec-meetings
14:06:36 <lhinds> rough agenda, please make additions should you wish to.
14:07:06 <aripie> I am ok with the agenda
14:07:48 <lhinds> k, pinged Sona on google hangouts
14:08:17 <lhinds> #topic Security Scanning
14:08:34 <lhinds> So at the summit, we did a demo and a presentation.
14:08:48 <lhinds> there was some good follow up, and others showed an interest in getting involved.
14:09:18 <lhinds> I met with functest, and we discussed getting its own repo and possible new scenarios.
14:09:54 <lhinds> Since then I have the email out on tech-discuss about getting a repo, but most are of the mind, we should be able to just go ahead,
14:10:13 <lhinds> I also need to answer some valid Q's from Daniel @ E ///
14:10:41 <lhinds> So that's a quick round up. The topic that I had was around SCAP authors.
14:11:34 <B_Smith> just a quick comment, irc is incorrect on meeting page
14:11:57 <lhinds> Now that we will be moving towards covering other installers (Ubuntu based) and possibly OpenDaylight or any given Application, we need help with authoring the upstream SCAP content or maintaining it.
14:12:06 <lhinds> B_Smith: will take a look thx!
14:13:37 <lhinds> To author SCAP content, you don't need to code. It's about putting hardening checks into XML format
14:14:02 <lhinds> So interested in volunteers if anyone has free cycles to take it on.
14:14:47 <serverascode> not a huge fan of xml :), but I'm interested in helping out there
14:15:10 <lhinds> thanks serverascode, are you familiar with SCAP?
14:15:20 <lhinds> (not that you need to be, it's learnable)
14:15:31 <serverascode> only at a high level, would need to do some research
14:16:45 <lhinds> cool. so at the moment, for openstack checks and CentOS checks, the content is in good shape. There is also some Debian content which I heard is good, but could likely use clarification
14:17:03 <lhinds> (with the view that Debian will be applicable to Ubuntu (In most cases)
14:17:07 <lhinds> https://github.com/OpenSCAP/scap-security-guide/tree/master/Debian/8
14:17:56 <lhinds> so it might just be a case of installing a VM, running the SCAP scan, and seeing if the packaging is present.
14:18:12 <lhinds> I will help of course 100%, but will be busy with the coding parts
14:18:40 <serverascode> ok, yup sounds good
14:19:10 <serverascode> is it in terms of openstack + debian, or debian in general?
14:19:27 <lhinds> serverascode: ultimately both.
14:19:34 <serverascode> ok
14:19:44 <lhinds> So for the OS, as you can see it's already there.
14:20:10 <lhinds> For openstack, we have SCAP already present for CentOS / RHEL versions of openstack.
14:20:24 <lhinds> but the difference between the two is very small
14:20:34 <lhinds> perhaps paths / variables.
14:20:49 <lhinds> but must use upstream openstack, with the main difference being the installers
14:21:26 <lhinds> But the good news is that Major Hayden (a rackspace guy) has developed openstack security ansible playbooks that we can use.
14:21:35 <lhinds> so it's all out there, just needs collating.
14:22:11 <serverascode> ok, interesting, yeah I'm aware of Mr. Hayden, openstack-ansible, nice
14:22:19 <lhinds> serverascode: do you have a Linux foundation account (read as do you have a jira account)?
14:22:26 <serverascode> yeah I do
14:22:43 <lhinds> cool, how would i find you..is it the same as your IRC nick?
14:22:56 <serverascode> yup
14:23:50 <lhinds> Curtis?
14:24:31 <serverascode> curtis collicutt yup
14:24:44 <lhinds> excellent, got you now.
14:24:53 <lhinds> I am Luke, and we also have Ari here too.
14:25:22 <lhinds> great to have you involved
14:25:27 <serverascode> hi :) thanks
14:25:53 <aripie> hi
14:26:20 <lhinds> so I will assign some jira tasks to you, but understand you might want to have a read up and that first.
14:26:34 <lhinds> We are in between releases right now, so no big rush
14:26:41 <serverascode> ok
14:27:44 <lhinds> #action lhinds set up jira task for serverascode to look / research into SCAP authorship
14:28:14 <lhinds> there is a talk on YouTube where I demo'ed the scanning tool if you want to check it out.
14:28:55 <lhinds> #link https://www.youtube.com/watch?v=SFkwbUAoHfo
14:29:06 <serverascode> ok will watch that, thanks
14:29:43 <serverascode> I was at the summit but missed that one
14:29:54 <lhinds> oh, you missed the best one :P
14:30:02 <lhinds> just kidding
14:30:18 <serverascode> :)
14:30:43 <lhinds> ok, so that's good. I have a lot to do on cleaning up the wiki etc, but that will contain more info
14:31:18 <lhinds> this is the project proposal that gives some info as well:
14:31:32 <lhinds> #link https://wiki.opnfv.org/pages/viewpage.action?pageId=6824812
14:32:05 <lhinds> ok, the next topic is Badge Programme.
14:32:17 <lhinds> But Sona is missing, so I guess we might be skipping that one this week.
14:32:20 <lhinds> so...
14:32:25 <lhinds> #topic AOB
14:32:31 <lhinds> Any other business?
14:32:44 <aripie> not for today
14:33:33 <lhinds> serverascode ?
14:33:55 <serverascode> nothing from me, nope
14:34:13 <lhinds> ok, well good to have you join serverascode and nice to catch up with you aripie
14:34:25 <lhinds> see you next week, also I am on here all the time
14:34:34 <serverascode> great, thanks kindly
14:34:42 <lhinds> so any follow up questions, just type my name and I will get pinged
14:34:46 <aripie> ok, good with the summit outcome, cu next week
14:34:57 <lhinds> #endmeeting