[Open-scap] what profile to use in RHEL7
Shawn Wells
shawn at redhat.com
Tue Jul 18 22:57:11 UTC 2017
On 7/18/17 2:28 PM, Martin Preisler wrote:
> On Tue, Jul 18, 2017 at 1:34 PM, Shawn Wells <shawn at redhat.com> wrote:
>>
>> On 7/18/17 1:09 PM, Martin Preisler wrote:
>>
>> On Mon, Jul 17, 2017 at 6:44 PM, Smith, Cathy <Cathy.Smith at pnnl.gov> wrote:
>>
>> Folks
>>
>> I’m trying to build a customized profile for RHEL7. I’m not sure about the
>> list of profile names offered through the oscap command and the list shown
>> in the SCAP Workbench. For example, in RHEL6 the oscap command listed a
>> profile usgcb-rhel6-server, and that corresponded to the United States
>> Government Configuration Baseline (USGCB) in SCAP Workbench. The RHEL 7
>> SCAP Workbench has a profile for USGCB, but there is no profile listed by
>> that name by the oscap info command. Does anyone know of a list that shows
>> the relationship between the profile listed by the oscap command and the
>> profiles in the SCAP Workbench?
>>
>> Thank you for your assistance.
>>
>> The IDs and titles don't always match. This is exactly the case with
>> the USGCB / OSPP profile for RHEL7. Its title is "United States
>> Government Configuration Baseline (USGCB / STIG)" but its ID is
>> xccdf_org.ssgproject.content_profile_ospp-rhel7.
>>
>> I usually go to https://static.open-scap.org to figure this out. Click
>> on the product, then browse profiles. The page will always tell you
>> both title and ID of each.
>>
>> Hope this helps!
>>
>>
>>
>> As a future OpenSCAP RFE, could the 'oscap info' output be modified to show
>> the profile title? e.g.
>>
>> Title: United States Baseline
>> XCCDF ID: org.open-scap-ospp-rhel7
> I think Jan Cerny can see the future:
> https://github.com/OpenSCAP/openscap/pull/781
Hah! Nice, Jan :)
More information about the Open-scap-list
mailing list