[Open-scap] Making Fix Templates
Boyd Ako
boyd.hanalei.ako at gmail.com
Wed Jan 9 00:32:48 UTC 2019
Aloha,
So I had a couple questions.
A) Is using the Fix Template function still being supported?
B) Is there more detailed documentation on creating the template? I'm
already aware of the XSL "legacy" files in /usr/share/openscap/xsl. I seem
to be having issues with openscap outputing anything from the
legacy-fixtpl-bash.xml as it is or when I try to modify the "fixentry" to
map to a rule.
C) If the Fix Template function is more or less dead in the water, is there
a way I can "convey" fixes for the remediation script generation that's
either local or on premise? I know that OpenSCAP does have a bunch of fixes
for the SSGs. But I can't really reach them due to isolation and even if I
could it wouldn't be permitted since it's "external" to "DISA Approved"
stuff.
My environment: As awesome as it is that there's SSGs for DISA RHEL 7, I
can't use it because it doesn't have the MAC and Sensitivity profiles in
the actual RHEL 7 Benchmark from the DISA XCCDF. So, I'm using the the
XCCDF from DISA with the appropriate profile and none of the "rules" seem
to match any of the remediation fixes for the failed rules. Also due to
networking infrastructure, I'm more or less isoalted so fetching remote
resources is out.
------------------------------
Thank you for your time,
Boyd H. Ako
boyd.hanalei.ako at gmail.com
https://www.boydhanaleiako.me
Cell Phone: (424) 244-9653PGP/GPG Public Key:
https://sks-keyservers.net/pks/lookup?op=get&search=0xC58073B21618F134
------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20190108/e11653cb/attachment.htm>
More information about the Open-scap-list
mailing list