[Open-scap] Using the 'STIG ID' value to identify a rule
Lemons, Terry
Terry.Lemons at dell.com
Tue Jun 8 18:02:22 UTC 2021
Internal Use - Confidential
Hi Vojta
I did some more testing using the XMLPad tool on Windows. I fed your query into the tool’s ‘Evaluate XPath’ function, and it correctly found two id values in ssg-sle12-ds.xml.
So, we know that the query works, but both the xmllint and xpath tools on SLES can’t process that query correctly.
I’ll look for other Linux tools.
Thanks for your help, and patience!
tl
From: Lemons, Terry
Sent: Tuesday, June 8, 2021 10:54 AM
To: Vojtech Polasek
Cc: open-scap-list at redhat.com
Subject: RE: [Open-scap] Using the 'STIG ID' value to identify a rule
Internal Use - Confidential
Hi Vojta
I didn’t suspect that the implementation in SLES would be so different, but it is:
ldpdd040:/tmp/scap-security-guide-0.1.55 # xpath
Usage:
/usr/bin/xpath [filename] query
If no filename is given, supply XML on STDIN.
ldpdd040:/tmp/scap-security-guide-0.1.55 #
Using the correct syntax, I was able to get the command to execute. But it seem that the query isn’t correct?
ldpdd040:/tmp/scap-security-guide-0.1.55 # xpath ssg-sle12-ds.xml "//xccdf-1.2:Rule[xccdf-1.2:reference[contains (., "SLES-12-010110")]]/@id"
Found 352 nodes:
-- NODE --
id="xccdf_org.ssgproject.content_rule_prefer_64bit_os"-- NODE --
id="xccdf_org.ssgproject.content_rule_package_aide_installed"-- NODE --
id="xccdf_org.ssgproject.content_rule_aide_scan_notification"-- NODE --
id="xccdf_org.ssgproject.content_rule_aide_verify_acls"-- NODE --
id="xccdf_org.ssgproject.content_rule_aide_verify_ext_attributes"-- NODE --
id="xccdf_org.ssgproject.content_rule_aide_check_audit_tools"-- NODE --
id="xccdf_org.ssgproject.content_rule_aide_build_database"-- NODE –
.
.
.
Thanks!
tl
From: Vojtech Polasek <vpolasek at redhat.com<mailto:vpolasek at redhat.com>>
Sent: Tuesday, June 8, 2021 9:58 AM
To: Lemons, Terry
Cc: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: Re: [Open-scap] Using the 'STIG ID' value to identify a rule
[EXTERNAL EMAIL]
Hello Terry,
hm, that's strange.
I am runing Fedora 33 and the xpath executable is provided by
perl-XML-XPath-1.44-7.fc33.noarch : XPath parser and evaluator for Perl.
I see that my version is way higher than yours. Maybe your version just needs a different syntax?
Vojta
Dne 08. 06. 21 v 15:43 Lemons, Terry napsal(a):
Internal Use - Confidential
Hi Vojta
Thanks for the reply. No, I don’t need to use any particular tool. I just need to use a commonly-available Linux tool.
ldpdd040:/tmp/scap-security-guide-0.1.55 # xpath -e "//xccdf-1.2:Rule[xccdf-1.2:reference[contains (., "SLES-12-010110")]]/@id" ssg-sle12-ds.xml
Cannot open file '-e' at /usr/lib/perl5/vendor_perl/5.18.2/XML/XPath.pm line 53.
ldpdd040:/tmp/scap-security-guide-0.1.55 #
I’m running the command on SLES 12; maybe there is a difference between the xpath implementation on SLES vs. Red Hat? Maybe the SLES implementation is broken. I’ve tried this one two different SLES 12 SP5 systems:
ldpdd040:/tmp/scap-security-guide-0.1.55 # rpm -q --whatprovides /usr/bin/xpath
perl-XML-XPath-1.13-99.19.x86_64
ldpdd040:/tmp/scap-security-guide-0.1.55 # zypper search xpath
Loading repository data...
Reading installed packages...
S | Name | Summary | Type
---+----------------------+--------------------------------------------------------------------------+--------
i+ | perl-XML-DOM-XPath | Perl extension to add XPath support to XML::DOM, using XML::XPath engine | package
i | perl-XML-XPath | A set of modules for parsing and evaluating XPath statements | package
i | perl-XML-XPathEngine | Re-usable XPath engine for DOM-like trees | package
ldpdd040:/tmp/scap-security-guide-0.1.55 #
Thanks
tl
From: Vojtech Polasek <vpolasek at redhat.com><mailto:vpolasek at redhat.com>
Sent: Tuesday, June 8, 2021 8:57 AM
To: Lemons, Terry
Cc: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: Re: [Open-scap] Using the 'STIG ID' value to identify a rule
[EXTERNAL EMAIL]
Hello,
I don't know why xmllint prints this error. I couldn't find any obvious explanation. But I am looking into that.
I use this instead:
```
xpath -e "//xccdf-1.2:Rule[xccdf-1.2:reference[contains (., "SLES-12-010110")]]/@id" ssg-sle12-ds.xml
```
Do you require usage of xmllint or can you go with xpath as well?
Best regards,
Vojta
Dne 07. 06. 21 v 20:31 Lemons, Terry napsal(a):
Internal Use - Confidential
Hi Vojta
Have you had to do something ‘special’ regarding a namespace prefix, in order for this xmllint command to complete successfully?
xmllint --xpath "//xccdf-1.2:Rule[xccdf-1.2:reference[contains (., "SLES-12-010110")]]/@id" ssg-sle12-ds.xml
Thanks
tl
From: Lemons, Terry <Terry.Lemons at dell.com><mailto:Terry.Lemons at dell.com>
Sent: Thursday, June 3, 2021 1:50 PM
To: Vojtech Polasek
Cc: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>; Lemons, Terry
Subject: RE: [Open-scap] Using the 'STIG ID' value to identify a rule
Internal Use - Confidential
Hi Vojta
Ah! Thanks for pointing out that I can get the information from a xml-formatted file. Since I’m working with SLES 12, I changed to using that file and to a SLES 12 rule.
The xpath expression does not find a rule, even though I can confirm with grep that it exists in the file:
ldpdd040:/tmp/scap-security-guide-0.1.55 # xmllint --xpath "//xccdf-1.2:Rule[xccdf-1.2:reference[contains (., "SLES-12-010110")]]/@id" ssg-sle12-ds.xml
XPath error : Undefined namespace prefix
xmlXPathEval: evaluation failed
XPath evaluation failure
ldpdd040:/tmp/scap-security-guide-0.1.55 # grep -C 3 "SLES-12-010110</xccdf-1.2:reference" ssg-sle12-ds.xml
<xccdf-1.2:reference href="https://www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf [cisecurity.org]<https://urldefense.com/v3/__https:/www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf__;!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-u-0zsGCJ$>">15</xccdf-1.2:reference>
<xccdf-1.2:reference href="https://www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf [cisecurity.org]<https://urldefense.com/v3/__https:/www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf__;!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-u-0zsGCJ$>">16</xccdf-1.2:reference>
<xccdf-1.2:reference href="https://www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf [cisecurity.org]<https://urldefense.com/v3/__https:/www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf__;!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-u-0zsGCJ$>">5</xccdf-1.2:reference>
<xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux [public.cyber.mil]<https://urldefense.com/v3/__https:/public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems*2Cunix-linux__;JQ!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-uyguYY87$>">SLES-12-010110</xccdf-1.2:reference>
<xccdf-1.2:reference href="https://public.cyber.mil/stigs/srg-stig-tools/ [public.cyber.mil]<https://urldefense.com/v3/__https:/public.cyber.mil/stigs/srg-stig-tools/__;!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-u9lVaDzw$>">SV-217112r603262_rule</xccdf-1.2:reference>
<xccdf-1.2:rationale xml:lang="en-US">Without re-authentication, users may access resources or perform tasks for which they
do not have authorization.
--
<xccdf-1.2:reference href="https://www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf [cisecurity.org]<https://urldefense.com/v3/__https:/www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf__;!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-u-0zsGCJ$>">15</xccdf-1.2:reference>
<xccdf-1.2:reference href="https://www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf [cisecurity.org]<https://urldefense.com/v3/__https:/www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf__;!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-u-0zsGCJ$>">16</xccdf-1.2:reference>
<xccdf-1.2:reference href="https://www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf [cisecurity.org]<https://urldefense.com/v3/__https:/www.cisecurity.org/wp-content/uploads/2017/03/Poster_Winter2016_CSCs.pdf__;!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-u-0zsGCJ$>">5</xccdf-1.2:reference>
<xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux [public.cyber.mil]<https://urldefense.com/v3/__https:/public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems*2Cunix-linux__;JQ!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-uyguYY87$>">SLES-12-010110</xccdf-1.2:reference>
<xccdf-1.2:reference href="https://public.cyber.mil/stigs/srg-stig-tools/ [public.cyber.mil]<https://urldefense.com/v3/__https:/public.cyber.mil/stigs/srg-stig-tools/__;!!LpKI!2cdxl_VMYS16PjzhVMUiXJspjruAwOlRd7smFWFjs9LPv__qxBGbR4r-u9lVaDzw$>">SV-217112r603262_rule</xccdf-1.2:reference>
<xccdf-1.2:rationale xml:lang="en-US">Without re-authentication, users may access resources or perform tasks for which they
do not have authorization.
ldpdd040:/tmp/scap-security-guide-0.1.55 #
I’ll keep fiddling with this, but please let me know if you see an obvious problem.
Thanks!
tl
From: Vojtech Polasek <vpolasek at redhat.com<mailto:vpolasek at redhat.com>>
Sent: Thursday, June 3, 2021 10:46 AM
To: Lemons, Terry
Cc: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: Re: [Open-scap] Using the 'STIG ID' value to identify a rule
[EXTERNAL EMAIL]
Hello Terry,
well, then I think I can help you. You will need only the source datastream. You can for example download the latest upstream release here:
https://github.com/ComplianceAsCode/content/releases/download/v0.1.56/scap-security-guide-0.1.56.zip [github.com]<https://urldefense.com/v3/__https:/github.com/ComplianceAsCode/content/releases/download/v0.1.56/scap-security-guide-0.1.56.zip__;!!LpKI!01zvc4gvCJE55ksYMbnQ5JpKrizYZEiwzXqXZ_KumHMEd8Y7EsPQS6L-7jmqHmDl$>
Look at the file ssg-sle15-ds.xml. You can use this xpath expression to find a rule which has the STIG ID as its reference:
❯ //xccdf-1.2:Rule[xccdf-1.2:reference[contains (., "SLES-15-010400")]]/@id
Hope it helps,
Vojta
Dne 03. 06. 21 v 15:27 Lemons, Terry napsal(a):
Internal Use - Confidential
Hi Vojta
Thanks for your reply. Yes, that is exactly what I need to do!
My group knows STIG ID values. It’s how we track the open SLES 12 STIG (and other DISA STIG/SRG) rules in our reporting and work management systems. So, I want to deploy OpenSCAP in our environment in such a way that I can provide a text file containing a list of STIG ID values, have a lookup done from the STIG ID value to the corresponding ComplianceAsCode remediation, and execute ‘oscap’ to apply that remediation.
Yes, please let me know of a good way to accomplish this!
Thanks very much!
tl
From: Vojtech Polasek <vpolasek at redhat.com><mailto:vpolasek at redhat.com>
Sent: Thursday, June 3, 2021 8:11 AM
To: Lemons, Terry
Cc: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: Re: [Open-scap] Using the 'STIG ID' value to identify a rule
[EXTERNAL EMAIL]
Hello Terry,
I am glad that you managed to cope with the generated table. But I feel that I have missed something in your request. could you please explain to me what are you trying to achieve? Maybe there is even easier way than to parse complicated HTML.
Are you trying to input a stigid and see if there is a rule within the content associated with the stigid?
If yes, then there is definitely easier way than this HTML table.
Best regards,
Vojta
Dne 02. 06. 21 v 23:35 Lemons, Terry napsal(a):
Internal Use - Confidential
Hi Vojta
Thanks again for this guidance. I’m going to try to parse the ‘stigid’ tables of the tables-sle12-all.html file using Linux commands. Xmllint seems like it should be able to find a SLES-12-nnnnnn value and return its ‘tooltip’ value:
<li class="collapsible">stigid</li>
<ul class="content">
<li class="collapsible">SLES-12-010000</li>
<ul class="content">
<li><div class="tooltip">installed_OS_is_vendor_supported<span class="tooltiptext">The Installed Operating System Is Vendor Supported</span>
</div></li>
</ul>
<li class="collapsible">SLES-12-010010</li>
<ul class="content">
<li><div class="tooltip">security_patches_up_to_date<span class="tooltiptext">Ensure Software Patches Installed</span>
</div></li>
I know that the ‘XPath_expression’ below isn’t correct yet, but I’ll keep playing with it:
:/tmp/scap-security-guide-0.1.55/tables # xmllint --html --xpath "//ul/li/SLES-12-010000" tables-sle12-all.html
XPath set is empty
:/tmp/scap-security-guide-0.1.55/tables #
Thanks
tl
From: open-scap-list-bounces at redhat.com<mailto:open-scap-list-bounces at redhat.com> <open-scap-list-bounces at redhat.com><mailto:open-scap-list-bounces at redhat.com> On Behalf Of Vojtech Polasek
Sent: Monday, May 24, 2021 9:36 AM
To: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: Re: [Open-scap] Using the 'STIG ID' value to identify a rule
[EXTERNAL EMAIL]
Hello Terry,
we provide this table as a html. We provide it with each upstream release, the latest one is here:
https://github.com/ComplianceAsCode/content/releases/download/v0.1.55/scap-security-guide-0.1.55.zip [github.com]<https://urldefense.com/v3/__https:/github.com/ComplianceAsCode/content/releases/download/v0.1.55/scap-security-guide-0.1.55.zip__;!!LpKI!0ZIM9ZllvHQsegeEduAQJRQ2gVOZfVAlN4bMp9W1cBFtsUWmB5GXX6TGgR_J8QI4$>
It is located in the "tables" folder.
Note that during this week there will be a new release 0.1.56.
We currently do not publish this file in any other place as far as I know.
If you want to generate this file from the master branch, you have to clone the repo and build the sle product, e.g. run in the main folder:
./build_product sle12
I hope it helps,
Vojta
Dne 21. 05. 21 v 20:18 Lemons, Terry napsal(a):
Internal Use - Confidential
Hi
Wow, this is a great resource! Thank you very much for sharing it! This will be a huge help to my team, and will save us a lot of manual mapping time.
My first question is about format. What you attached is delivered to me as an html file with this format. I’m wondering if this is what you sent, or if it was changed by my company’s email protection system. What say you?
[cid:image001.jpg at 01D75C6E.E5421470]
Second, are you planning to make this file available as a routine download, available for everyone?
Thanks again!
tl
From: open-scap-list-bounces at redhat.com<mailto:open-scap-list-bounces at redhat.com> <open-scap-list-bounces at redhat.com<mailto:open-scap-list-bounces at redhat.com>> On Behalf Of Vojtech Polasek
Sent: Tuesday, May 18, 2021 3:35 AM
To: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: Re: [Open-scap] Using the 'STIG ID' value to identify a rule
[EXTERNAL EMAIL]
Hello Terry,
Alex is probably right. This is afaik not supported in Openscap. But maybe I can help you with the mapping. We are generating a table which I attach during the build process of the content for each product. It shows mapping of references to rules. Maybe this is something you can start with.
I hope it helps,
Vojta
Dne 18. 05. 21 v 9:20 Alexander Bergmann napsal(a):
Hi Terry,
>From what I see inside the 'oscap-xccdf.c' functions [1] there is no way
to select anything else than the rule itself. So yes, your team would
need to implement a mapping between the STIG ID and the rule name
outside of the scap-security-guide profile.
Regards,
Alex~
[1] https://github.com/OpenSCAP/openscap/blob/maint-1.3/utils/oscap-xccdf.c [github.com]<https://urldefense.com/v3/__https:/github.com/OpenSCAP/openscap/blob/maint-1.3/utils/oscap-xccdf.c__;!!LpKI!0KlfNz5teRWcCGukU3oNEOoO4R4cOEUJHDLcz3nDa2XEcOVSP7OGQaXjqUWEEK7z$>
On Mon, May 17, 2021 at 07:39:21PM +0000, Lemons, Terry wrote:
Internal Use - Confidential
Hi Alex
Thanks very much for this informative reply!
So, am I correct in understanding that it is not possible to select a rule via any mechanism other than the rule's 'Rule ID' value, as in below:
oscap xccdf eval --rule xccdf_org.ssgproject.content_rule_ftp_present_banner --profile xccdf_org.ssgproject.content_profile_stig /tmp/scap-security-guide-0.1.55/ssg-sle12-ds.xml
WARNING: Datastream component 'scap_org.open-scap_cref_pub-projects-security-oval-suse.linux.enterprise.12.xml' points out to the remote 'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.12.xml [ftp.suse.com]<https://urldefense.com/v3/__https:/ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.12.xml__;!!LpKI!0KlfNz5teRWcCGukU3oNEOoO4R4cOEUJHDLcz3nDa2XEcOVSP7OGQaXjqaQUV511$>'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.12.xml [ftp.suse.com]<https://urldefense.com/v3/__https:/ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.12.xml__;!!LpKI!0KlfNz5teRWcCGukU3oNEOoO4R4cOEUJHDLcz3nDa2XEcOVSP7OGQaXjqaQUV511$>' file which is referenced from datastream
WARNING: Skipping ./pub-projects-security-oval-suse.linux.enterprise.12.xml file which is referenced from XCCDF content
Title Create Warning Banners for All FTP Users
Rule xccdf_org.ssgproject.content_rule_ftp_present_banner
Ident CCE-83059-6
Result pass
If so, then to meet my team's needs, we'll need to create a manual mapping between the SLES 12 STIG ID values that we know and the OpenSCAP 'Rule ID' value that implements the check and fix for that rule; true?
Thanks!
tl
-----Original Message-----
From: Alexander Bergmann <abergmann at suse.com><mailto:abergmann at suse.com>
Sent: Monday, May 17, 2021 11:58 AM
To: Lemons, Terry
Cc: open-scap-list at redhat.com<mailto:open-scap-list at redhat.com>
Subject: Re: [Open-scap] Using the 'STIG ID' value to identify a rule
Hi Terry,
I haven't checked the code in detail (yet), but as far as I can tell there is now way to select a rule via a present reference.
The STIG ID is listed as a reference inside the Rule statement itself.
>From the technical point it should be possible to implement such a feature inside OpenSCAP, but I'm not sure if this is desirable. A reference is simply not a clear identifier. Some references will also be used several times in different rules.
<xccdf-1.2:Rule id="xccdf_org.ssgproject.content_rule_installed_OS_is_vendor_supported" selected="false" severity="high"> ...
<xccdf-1.2:reference href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux" [public.cyber.mil]<https://urldefense.com/v3/__https:/public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems*2Cunix-linux__;JQ!!LpKI!0KlfNz5teRWcCGukU3oNEOoO4R4cOEUJHDLcz3nDa2XEcOVSP7OGQaXjqdpbuoLq$>>SLES-12-010000</xccdf-1.2:reference>
...
</xccdf-1.2:Rule>
>From the SCAP point of view, STIG is only one profile of many.
Maybe one way to explore would be the use of CCEs as a direct rule identifier. We assign CCEs to each STIG requirement 1:1 and they are listed inside the OpenSCAP output.
Title The Installed Operating System Is Vendor Supported
Rule xccdf_org.ssgproject.content_rule_installed_OS_is_vendor_supported
Ident CCE-83001-8
Result pass
So may that would be something for a future release.
Regards,
Alex~
On Fri, May 14, 2021 at 05:45:59PM +0000, Lemons, Terry wrote:
Internal Use - Confidential
Hi
I recently learned about OpenSCAP, and it seems to fill a need in my team. My team needs to address (close) all of the rules in the SLES 12 STIG on our product. It seems that using oscap, along with the most-recent 'scap-security-guide' (which appears to cover 146 SLES 12 STIG rules), will allow me to see which rules are open ('oscap xccdf eval') and to implement changes to close those rules ('oscap xccdf eval -remediate').
I know that I can use the '-rule' option to specify the name of a single rule to evaluate or remediate.
Our group identifies rules to be fixed, in our work management system and other systems, by the SLES 12 STIG 'STIG ID' value (ex., SLES-12-010000). I tried to use this value in the '-rule' option, and it failed to identify/find that rule.
How can I make oscap operate on a rule identified by 'STIG ID' value (or, even better, on a file containing a list of 'STIG ID' rules?
Thanks!
tl
Terry Lemons
[DellEMC_Logo_Hz_Blue_rgb_10percent]
Data Management
Infrastructure Solutions Group
176 South Street, MS 2/B-34
Hopkinton MA 01748
terry.lemons at dell.com<mailto:terry.lemons at dell.com><mailto:terry.lemons at dell.com><mailto:terry.lemons at dell.com>
_______________________________________________
Open-scap-list mailing list
Open-scap-list at redhat.com<mailto:Open-scap-list at redhat.com>
https://listman.redhat.com/mailman/listinfo/open-scap-list [listman.redhat.com]<https://urldefense.com/v3/__https:/listman.redhat.com/mailman/listinfo/open-scap-list__;!!LpKI!0KlfNz5teRWcCGukU3oNEOoO4R4cOEUJHDLcz3nDa2XEcOVSP7OGQaXjqSHI2E-R$>
--
Alexander Bergmann <abergmann at suse.com><mailto:abergmann at suse.com>
Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5 F614 DE54 E875 9FFA 4886 SUSE Software Solutions Germany GmbH Maxfeldstr. 5, 90409 Nuremberg, Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer
_______________________________________________
Open-scap-list mailing list
Open-scap-list at redhat.com<mailto:Open-scap-list at redhat.com>
https://listman.redhat.com/mailman/listinfo/open-scap-list [listman.redhat.com]<https://urldefense.com/v3/__https:/listman.redhat.com/mailman/listinfo/open-scap-list__;!!LpKI!0KlfNz5teRWcCGukU3oNEOoO4R4cOEUJHDLcz3nDa2XEcOVSP7OGQaXjqSHI2E-R$>
_______________________________________________
Open-scap-list mailing list
Open-scap-list at redhat.com<mailto:Open-scap-list at redhat.com>
https://listman.redhat.com/mailman/listinfo/open-scap-list [listman.redhat.com]<https://urldefense.com/v3/__https:/listman.redhat.com/mailman/listinfo/open-scap-list__;!!LpKI!0ZIM9ZllvHQsegeEduAQJRQ2gVOZfVAlN4bMp9W1cBFtsUWmB5GXX6TGgdqcB2R_$>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20210608/80e06fe2/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 82620 bytes
Desc: image001.jpg
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20210608/80e06fe2/attachment.jpg>
More information about the Open-scap-list
mailing list