Open 90n20 opened 8 months ago
Updated progress with scripts results on nodes.
After reviewing the results, they have been reported with recommended actions in a document on SCS Nextcloud instance.
Next actions will consist on perform the same tests over a testbed deployment with hardening enabled to compare both results.
Updated progress with hardening applied. Preliminary checks show slightly better results (with OpenScap more rules are being checked as hardening enables some new services, hence past "non applicable" rules are now added to the list)
New document uploaded to nextcloud with the results with hardening applied. Both include recommended actions.
As a SCS security auditor, I want to check and assess a SCS testbed deployment within the context of a low privileged user on both manager and nodes, so that I could report that all systems are configured properly and without any flaw that could impact their security as a whole.
Related to #410
Definition of Ready:
Definition of Done: