[Open-scap] OVAL content authoring tool

Šimon Lukašík slukasik at redhat.com
Fri Apr 1 14:09:27 UTC 2016


On 03/31/2016 06:01 AM, Pravin Goyal wrote:
> To be specific, 
> 
> 1st goal - Build OVAL content
> 2nd goal - Build remediation content
> 3rd goal - Merge with existing XCCDF and create source DS

Try to clone the Fedora/ directory. That contains only one or two profiles,
so it should be easier to comprehend.

Amend only if you see a need to write a different OVAL file for SuSE (like
when the configuration file path differs or the daemon differs).

You will get OVAL, remediation and XCCDF components all together that
way. Then you can start adding new checks one by one.

Best,
~š.

> ______________________________________
> From: Pravin Goyal <pravin.goyal at outlook.com>
> Sent: Thursday, March 31, 2016 9:06 AM
> To: open-scap-list at redhat.com
> Subject: Re: [Open-scap] OVAL content authoring tool
> 
> Team,
> I need help. I need to set up a new platform, say "SLES 11", in the "scap-security-guide" project. What are the steps to be done? Where do I start?
> 
> I see that the community has already done a lot of automation work in churning out SCAP DS with XCCDF, OVAL and remediation.
> 
> Please help.
> 
> Thanks and regards,
> Pravin Goyal
> 
> ________________________________________
> From: Martin Preisler <mpreisle at redhat.com>
> Sent: Wednesday, March 30, 2016 8:18 PM
> To: Pravin Goyal
> Subject: Re: [Open-scap] OVAL content authoring tool
> 
> ----- Original Message -----
>> From: "Pravin Goyal" <pravin.goyal at outlook.com>
>> To: "Martin Preisler" <mpreisle at redhat.com>
>> Sent: Wednesday, March 30, 2016 12:24:14 AM
>> Subject: Re: [Open-scap] OVAL content authoring tool
>>
>> One thing that I can promise is to contribute OVAL checks that you can
>> include in SSG. I am targeting to develop OVAL rules for SLES 11 SP3 OS. So,
>> there would be a lot of common stuff.
> 
> Please send your questions to the public mailing list. That way more people
> benefit from the reply. Thanks for understanding.
> 
> 
>> Trying to understand how to work with these transforms.
>> ________________________________________
>> From: Pravin Goyal <pravin.goyal at outlook.com>
>> Sent: Wednesday, March 30, 2016 9:14 AM
>> To: Martin Preisler
>> Subject: Re: [Open-scap] OVAL content authoring tool
>>
>> Hi Martin,
>> I could see the scripts in Github. Is there a documented way to use it?
>>
>> Basically, I am looking to just do OVAL content at this point of time and
>> later merge with XCCDF document when I have it.
>>
>> Thanks and regards,
>> Pravin Goyal
>> ________________________________________
>> From: Pravin Goyal <pravin.goyal at outlook.com>
>> Sent: Wednesday, March 30, 2016 4:16 AM
>> To: Martin Preisler
>> Subject: Re: [Open-scap] OVAL content authoring tool
>>
>> Thanks Martin for the quick response.
>>
>>>  I recommend looking at how SSG is built,
>>> how we use templates to generate the boilerplate.
>>
>> Do you have this documented somewhere? Can you please share the link?
>>
>>> I recommend leveraging this community. I don't know if the project you will
>>> be working on is an open source project but if so we will be able (and
>>> happy)
>>> to help you review the patches and work on the project.
>>
>> Thanks for extending the help. As of now, the OVAL content creation is tied
>> very much to an internal product. STIG development for the product is in
>> progress. We are just starting.
>> ________________________________________
>> From: Martin Preisler <mpreisle at redhat.com>
>> Sent: Tuesday, March 29, 2016 9:48 PM
>> To: Pravin Goyal
>> Cc: open-scap-list at redhat.com
>> Subject: Re: [Open-scap] OVAL content authoring tool
>>
>> ----- Original Message -----
>>> From: "Pravin Goyal" <pravin.goyal at outlook.com>
>>> To: open-scap-list at redhat.com
>>> Sent: Tuesday, March 29, 2016 1:32:53 AM
>>> Subject: [Open-scap] OVAL content authoring tool
>>>
>>> Hi Team,
>>> I am sure this is a FAQ. Do you know of a well-maintained content authoring
>>> tool?
>>
>> We have tried several times to come up with some fancy GUI tool to help with
>> the development but never succeeded. The GUI tool ends up having too many
>> options or it's not powerful enough. I recommend looking at how SSG is built,
>> how we use templates to generate the boilerplate.
>>
>> The tools I suggest are git, a text editor and SSG build scripts.
>>
>>> I am aware of
>>> https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL/6/transforms
>>> that we use to develop SSG content.
>>>
>>> Is this still valid -
>>> http://blog-shawndwells.rhcloud.com/wp-content/uploads/2013/07/SCAP-Workshop-Coursebook-v2.pdf
>>> ?
>>
>> Looks like it is except for the repository URIs. Change them to github URIs
>> and this will work.
>>
>>> Do you have any other suggestions in this regard? I am beginning a project
>>> that would require the development of some 500+ OVAL rules. So, I am just
>>> ensuring that I can make the best use of tools or processes already known
>>> to
>>> the community.
>>
>> I recommend leveraging this community. I don't know if the project you will
>> be working on is an open source project but if so we will be able (and happy)
>> to help you review the patches and work on the project.
>>
>> --
>> Martin Preisler
>> Identity Management and Platform Security | Red Hat, Inc.
>>
> 
> --
> Martin Preisler
> Identity Management and Platform Security | Red Hat, Inc.
> 
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
> 

