[Open-scap] support for remediation (parameters for fixes?)

Steve Grubb sgrubb at redhat.com
Sat Jun 1 14:01:40 UTC 2013


----------  Forwarded Message  ----------

Subject: support for remediation (parameters for fixes?)
Date: Friday, May 31, 2013, 07:18:36 PM
From: Jeffrey Blank <jeffblank at gmail.com>
To: open-scap-list at redhat.com

Hi OpenSCAP Developers,

Could you tell us about the current support for remediation in OpenSCAP
tooling?

The Aqueduct community is interested in creating remediation scripts for
the DISA STIG, which is of course based on SCAP content from the
scap-security-guide project.

I see that you have created some tooling to generate fix scripts and it
would be great if the Aqueduct community could leverage OVAL (or SCE)
checks, instead of creating their own script checks and fixes entirely in
bash.  I took a brief look at /usr/share/openscap/xsl/fix.xsl and
fixtpl-bash.xml, and this suggests that variable substitution (XCCDF
Values/OVAL variables, via <sub>) was considered.

If there is any example content, that would be excellent to see.

It would be compelling if tooling could support both separable and
parameterized checking and fix generation, as it would enable system
auditors and system administrators to use the same toolchain.  This would
permit combination of effort and reduction of misery.

Thanks,
Jeff
-----------------------------------------
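
The parameterized fix generation asked about above, as an added example that is not part of the original message and not OpenSCAP's own fix.xsl logic: it resolves XCCDF `<sub idref>` references inside a `<fix>` against `<Value>` elements and rejects values that are unsafe to paste into a generated shell script. The benchmark fragment, its ids, the function names and the allow-list pattern are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

X = "{http://checklists.nist.gov/xccdf/1.2}"   # XCCDF 1.2 namespace
SAFE = re.compile(r"[A-Za-z0-9_.:/-]+")        # assumed allow-list for substituted values

# Constructed sample content: ids, values and the fix text are illustrative only.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Value id="xccdf_example_value_pass_min_len" type="number">
    <value>12</value>
    <value selector="strict">14</value>
  </Value>
  <Rule id="xccdf_example_rule_pass_min_len">
    <fix system="urn:xccdf:fix:script:sh">sed -i 's/^PASS_MIN_LEN.*/PASS_MIN_LEN <sub idref="xccdf_example_value_pass_min_len"/>/' /etc/login.defs</fix>
  </Rule>
</Benchmark>"""

def value_table(benchmark, selector=None):
    """Map each Value id to the <value> chosen by selector, else the unselected default."""
    table = {}
    for val in benchmark.iter(X + "Value"):
        choices = {v.get("selector"): (v.text or "").strip() for v in val.findall(X + "value")}
        table[val.get("id")] = choices.get(selector, choices.get(None))
    return table

def render_fix(fix, values):
    """Flatten a <fix> element, replacing every <sub idref=...> with its resolved Value."""
    parts = [fix.text or ""]
    for child in fix:
        if child.tag == X + "sub":
            val = values.get(child.get("idref"))
            if val is None:
                raise KeyError("unresolved <sub idref=%r>" % child.get("idref"))
            if not SAFE.fullmatch(val):
                # The value lands inside a script run as root: refuse shell metacharacters.
                raise ValueError("unsafe value for %s: %r" % (child.get("idref"), val))
            parts.append(val)
        parts.append(child.tail or "")   # text following the child element
    return "".join(parts)

def fix_scripts(xml_text, selector=None, system="urn:xccdf:fix:script:sh"):
    """Return {rule id: rendered fix script} for fixes written for the given fix system."""
    bench = ET.fromstring(xml_text)
    values = value_table(bench, selector)
    return {rule.get("id"): render_fix(fix, values)
            for rule in bench.iter(X + "Rule")
            for fix in rule.findall(X + "fix") if fix.get("system") == system}
```

The same `<Value>` that parameterizes the fix can be exported to the rule's check, which is what lets auditors and administrators share one piece of content.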



