[Pulp-list] Pulp Security Configuration
Lesley Kimmel
lesley.j.kimmel at gmail.com
Thu Dec 17 15:21:32 UTC 2015
I actually requested the STIG from the MongoDB people and they contacted me
to basically say that they won't provide the STIG for and that it doesn't
really apply to the opensource version of Mongo. Basically, they want to
sell support for the DB.
On Tue, Dec 15, 2015 at 7:34 AM, Lesley Kimmel <lesley.j.kimmel at gmail.com>
wrote:
> All;
>
> I work in an environment where we must execute DoD Security Requirements
> Guides (SRG). These guides mandate a number of security controls be
> configured to the extent possible. I am rather comfortable with security
> Apache and feel that I could do that without affecting the operation of
> Pulp in general.
>
> I have also found that the MongoDB project provides a Secure Technical
> Implementation Guide (STIG) which is based on database SRG. I'd be slightly
> cautious about implementing this as I don't know how Pulp uses the database
> and I also am new to NoSQL DBs. Has anyone on the project considered these
> types of settings or would you be willing to look at the MongoDB STIG to
> see what might be implemented without breaking Pulp functionality?
>
> Thanks,
> -LJ Kimmel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20151217/b9dfdd36/attachment.htm>
More information about the Pulp-list
mailing list