[Open-scap] OVAL content authoring tool

Pravin Goyal pravin.goyal at outlook.com
Mon Apr 4 04:18:28 UTC 2016


Thanks, Simon. I am getting started. 

So far, I have figured out that we need the steps below:

1) Ensure that templates are in place in one directory (call it templates) and the template to actual oval content creation works - 
    a) Have OVAL xml templates (the way you desire a particular probe based check to look like - for example, disabling services, checking file permissions, etc.). Take from existing or create your own.
    b) csv files that contain the entry in the required format for a particular probe based check
    c) Python scripts to take each line item in csv and convert it into an OVAL xml based on the desired template

2) Edit Makefile to build just oval content
    a) That means combine oval singletons into one big oval assessment content
    b) have boilerplate information such as xmlns, generator, etc. in place

Are the above steps good enough for oval content creation? Am I missing any steps?

I am yet to work through all the steps above and have just figured out the information for now. If there is anything that helps jumpstart this, it would be great; else, not a problem. I will eventually figure it out. (I come from a security and compliance background and not a pure developer background, so this might at times be difficult for me. But, perhaps, I will take some help locally.)

Thanks and regards,
Pravin Goyal
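
The steps listed in the message above, as an added example that is not part of the original post and is not the scap-security-guide project's own build code: a template is expanded once per CSV row, and the resulting singletons are merged into one OVAL document with generator boilerplate. The `path,uid` CSV layout, the `example` id namespace, the `build` function and the fixed timestamp are assumptions made for illustration.

```python
import csv, io, re
import xml.etree.ElementTree as ET
from string import Template
from xml.sax.saxutils import escape

OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
COMMON = "http://oval.mitre.org/XMLSchema/oval-common-5"
UNIX = OVAL + "#unix"
for prefix, uri in (("", OVAL), ("oval", COMMON), ("unix", UNIX)):
    ET.register_namespace(prefix, uri)

# Step 1a: constructed template for one file-owner check ("example" is a placeholder id namespace).
TEMPLATE = Template("""<singleton xmlns="%s" xmlns:unix="%s">
<definition class="compliance" id="oval:example:def:$n" version="1">
  <metadata><title>Owner of $path</title>
    <description>$path must be owned by uid $uid.</description></metadata>
  <criteria><criterion test_ref="oval:example:tst:$n"/></criteria>
</definition>
<unix:file_test check="all" check_existence="all_exist" comment="owner of $path"
    id="oval:example:tst:$n" version="1">
  <unix:object object_ref="oval:example:obj:$n"/>
  <unix:state state_ref="oval:example:ste:$n"/>
</unix:file_test>
<unix:file_object id="oval:example:obj:$n" version="1">
  <unix:filepath>$path</unix:filepath></unix:file_object>
<unix:file_state id="oval:example:ste:$n" version="1">
  <unix:user_id datatype="int">$uid</unix:user_id></unix:file_state>
</singleton>""" % (OVAL, UNIX))

def build(csv_text, timestamp="2016-04-04T00:00:00"):
    """Steps 1b-2: expand each 'path,uid' CSV row, then merge into one document."""
    root = ET.Element("{%s}oval_definitions" % OVAL)
    gen = ET.SubElement(root, "{%s}generator" % OVAL)   # step 2b: boilerplate
    ET.SubElement(gen, "{%s}schema_version" % COMMON).text = "5.11"
    ET.SubElement(gen, "{%s}timestamp" % COMMON).text = timestamp
    # OVAL wants all definitions first, then tests, objects and states.
    sections = {k: ET.SubElement(root, "{%s}%ss" % (OVAL, k))
                for k in ("definition", "test", "object", "state")}
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if r]
    for n, row in enumerate(rows, start=1):
        path, uid = (field.strip() for field in row)
        if not path.startswith("/") or not re.fullmatch(r"[0-9]+", uid):
            raise ValueError("bad CSV row %d: %r" % (n, row))
        # Escape so a CSV field cannot inject markup into the template.
        single = ET.fromstring(TEMPLATE.substitute(
            n=n, uid=uid, path=escape(path, {'"': "&quot;"})))
        for el in single:                               # step 2a: regroup the singleton
            sections[el.tag.split("}")[-1].split("_")[-1]].append(el)
    return root
```

`ET.tostring(build("/etc/passwd,0\n/etc/shadow,0\n"), encoding="unicode")` gives the combined document as text, which can then be checked against the OVAL schema before use.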
________________________________________
From: Šimon Lukašík <slukasik at redhat.com>
Sent: Friday, April 1, 2016 7:36 PM
To: Pravin Goyal; open-scap-list at redhat.com
Subject: Re: [Open-scap] OVAL content authoring tool

Hello Pravin,

I advise you to look at what the folks working on the Debian/ directory have achieved.

Most of the checks will be the same for SuSE and Fedora derivatives. A
lot is shared with Debian as well.

There will be some differences though, like configuration file paths.

We try to leverage shared/ directory within SSG to have common code
written only once.


The build scripts are still a little hairy, so I advise you to start
with RHEL/7 or Fedora makefiles and remove everything that you don't
need in the first stage.

The build scripts are always work in progress, so don't be shy to amend
them as you see the need.

Best,
~š.

On 03/31/2016 05:36 AM, Pravin Goyal wrote:
> Team,
> I need help. I need to set up a new platform, say "SLES 11", in the "scap-security-guide" project. What are the steps to be done? Where do I start?
>
> I see that the community has already done a lot of automation work in churning out SCAP DS with xccdf, oval and remediation.
>
> Please help.
>
> Thanks and regards,
> Pravin Goyal
>
> ________________________________________
> From: Martin Preisler <mpreisle at redhat.com>
> Sent: Wednesday, March 30, 2016 8:18 PM
> To: Pravin Goyal
> Subject: Re: [Open-scap] OVAL content authoring tool
>
> ----- Original Message -----
>> From: "Pravin Goyal" <pravin.goyal at outlook.com>
>> To: "Martin Preisler" <mpreisle at redhat.com>
>> Sent: Wednesday, March 30, 2016 12:24:14 AM
>> Subject: Re: [Open-scap] OVAL content authoring tool
>>
>> One thing that I can promise is to contribute OVAL checks that you can
>> include in SSG. I am targeting to develop OVAL rules for SLES 11 SP3 OS. So,
>> there would be a lot of common stuff.
>
> Please send your questions to the public mailing list. That way more people
> benefit from the reply. Thanks for understanding.
>
>
>> Trying to understand how to work with these transforms.
>> ________________________________________
>> From: Pravin Goyal <pravin.goyal at outlook.com>
>> Sent: Wednesday, March 30, 2016 9:14 AM
>> To: Martin Preisler
>> Subject: Re: [Open-scap] OVAL content authoring tool
>>
>> Hi Martin,
>> I could see the scripts in Github. Is there a documented way to use it?
>>
>> Basically, I am looking to just do OVAL content at this point of time and
>> later merge with XCCDF document when I have it.
>>
>> Thanks and regards,
>> Pravin Goyal
>> ________________________________________
>> From: Pravin Goyal <pravin.goyal at outlook.com>
>> Sent: Wednesday, March 30, 2016 4:16 AM
>> To: Martin Preisler
>> Subject: Re: [Open-scap] OVAL content authoring tool
>>
>> Thanks Martin for the quick response.
>>
>>>  I recommend looking at how SSG is built,
>>> how we use templates to generate the boilerplate.
>>
>> Do you have this documented somewhere? Can you please share the link?
>>
>>> I recommend leveraging this community. I don't know if the project you will
>>> be working on is an open source project but if so we will be able (and
>>> happy)
>>> to help you review the patches and work on the project.
>>
>> Thanks for extending the help. As of now, the OVAL content creation is tied
>> very much to an internal product. STIG development for the product is in
>> progress. We are just starting.
>> ________________________________________
>> From: Martin Preisler <mpreisle at redhat.com>
>> Sent: Tuesday, March 29, 2016 9:48 PM
>> To: Pravin Goyal
>> Cc: open-scap-list at redhat.com
>> Subject: Re: [Open-scap] OVAL content authoring tool
>>
>> ----- Original Message -----
>>> From: "Pravin Goyal" <pravin.goyal at outlook.com>
>>> To: open-scap-list at redhat.com
>>> Sent: Tuesday, March 29, 2016 1:32:53 AM
>>> Subject: [Open-scap] OVAL content authoring tool
>>>
>>> Hi Team,
>>> I am sure this is a FAQ. Do you know of a well-maintained content authoring
>>> tool?
>>
>> We have tried several times to come up with some fancy GUI tool to help with
>> the development but never succeeded. The GUI tool ends up having too many
>> options or it's not powerful enough. I recommend looking at how SSG is built,
>> how we use templates to generate the boilerplate.
>>
>> The tools I suggest are git, a text editor and SSG build scripts.
>>
>>> I am aware of
>>> https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL/6/transforms
>>> that we use to develop SSG content.
>>>
>>> Is this still valid -
>>> http://blog-shawndwells.rhcloud.com/wp-content/uploads/2013/07/SCAP-Workshop-Coursebook-v2.pdf
>>> ?
>>
>> Looks like it is except for the repository URIs. Change them to github URIs
>> and this will work.
>>
>>> Do you have any other suggestions in this regard? I am beginning a project
>>> that would require the development of some 500+ OVAL rules. So, I am just
>>> ensuring that I can make the best use of tools or processes already known
>>> to
>>> the community.
>>
>> I recommend leveraging this community. I don't know if the project you will
>> be working on is an open source project but if so we will be able (and happy)
>> to help you review the patches and work on the project.
>>
>> --
>> Martin Preisler
>> Identity Management and Platform Security | Red Hat, Inc.
>>
>
> --
> Martin Preisler
> Identity Management and Platform Security | Red Hat, Inc.
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
>


~š.



