[Open-scap] Guide generation with extended profiles does not include rules

Martin Preisler mpreisle at redhat.com
Tue Sep 8 11:15:48 UTC 2015


----- Original Message -----
> From: "Sven Vermeulen" <sven.vermeulen at siphos.be>
> To: open-scap-list at redhat.com
> Sent: Thursday, September 3, 2015 8:05:01 PM
> Subject: [Open-scap] Guide generation with extended profiles does not include rules
> 
> Hi all
> 
> I have an XCCDF document that uses profile extensions [1]. While
> building the guide from the XCCDF with a profile, I noticed that the
> resulting guide only talks about the rules that are directly assigned
> to that profile, and not the rules of the extended profile (i.e. the
> rules that that profile should inherit).
> 
> This is only on the generation of the guide - evaluating the XCCDF
> with the same profile does have those rules tested.
> 
> This is with both the 1.2.5 release as well as latest in git
> (7a183c462e9c528584d4fe6cf049fdc727d87abc currently).

Hi,
thanks for your report. I suspect the issue is that you are generating
a guide of an unresolved benchmark.

Try:
$ oscap xccdf resolve -o resolved-gentoo-xccdf.xml gentoo-xccdf.xml
$ oscap xccdf generate guide --profile $PROFILE_ID resolved-gentoo-xccdf.xml > report.html

However, I feel this is a bug because OpenSCAP should warn you about it.
In the past it has warned but it doesn't warn anymore. I have fixed
the situation in https://github.com/OpenSCAP/openscap/commit/a7317cadefd89a59848a83ddcde77436728ad213

Thank you for your feedback!

-- 
Martin Preisler
Security Technologies | Red Hat, Inc.
http://martin.preisler.me
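
The inheritance behaviour discussed in this thread, as an added example that is not part of the original message and is not OpenSCAP's code: it follows a profile's `extends` chain in a constructed XCCDF sample and compares the rules selected directly in the profile with the rules it has after inheritance. The profile and rule ids are made up, and only `<select>` elements are considered (each Rule's own `selected` default and other profile children are ignored).

```python
import xml.etree.ElementTree as ET

# Constructed sample: "server" extends "base", adds one rule and drops another.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample" resolved="0">
  <Profile id="base">
    <select idref="rule-ssh-root-login" selected="true"/>
    <select idref="rule-tmp-noexec" selected="true"/>
  </Profile>
  <Profile id="server" extends="base">
    <select idref="rule-audit-enabled" selected="true"/>
    <select idref="rule-tmp-noexec" selected="false"/>
  </Profile>
</Benchmark>"""

def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 documents both work."""
    return tag.rsplit("}", 1)[-1]

def load_profiles(xml_text):
    """Return (resolved flag, {profile id: (extends id, [(rule id, selected)])})."""
    root = ET.fromstring(xml_text)
    profiles = {}
    for el in root.iter():
        if local(el.tag) == "Profile":
            selects = [(s.get("idref"), s.get("selected") == "true")
                       for s in el if local(s.tag) == "select"]
            profiles[el.get("id")] = (el.get("extends"), selects)
    resolved = root.get("resolved", "false") in ("1", "true")
    return resolved, profiles

def direct_rules(profiles, pid):
    """Rules selected in the profile itself, without following extends."""
    return {rule for rule, on in profiles[pid][1] if on}

def effective_rules(profiles, pid, seen=()):
    """Rules after following the extends chain: parent first, child overrides."""
    if pid in seen:
        raise ValueError("extends loop at profile " + pid)
    parent, selects = profiles[pid]
    rules = effective_rules(profiles, parent, seen + (pid,)) if parent else set()
    for rule, on in selects:
        (rules.add if on else rules.discard)(rule)
    return rules

if __name__ == "__main__":
    resolved, profiles = load_profiles(SAMPLE)
    missing = effective_rules(profiles, "server") - direct_rules(profiles, "server")
    print("resolved:", resolved, "| inherited only:", sorted(missing))
```

A non-empty "inherited only" set on a benchmark whose `resolved` flag is false marks the rules that only appear in the profile after the extends chain has been followed.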



