[Open-scap] Remediation rollback?
Alexander Bergmann
abergmann at suse.com
Tue May 18 21:18:22 UTC 2021
Hi Terry,
A rollback is usual not possible as the previous state is not captured
before remediation. This goes for file and directory permissions,
installing new packages with the needed package relationships and
configuration file changes.
Shell script remediation does look like this for SLES-12-010460:
https://github.com/ComplianceAsCode/content/blob/2b2152d288e05f0d64f26fff3f01b0e75311023d/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
Regards,
Alex~
On Tue, May 18, 2021 at 08:43:38PM +0000, Lemons, Terry wrote:
> Hi
>
> I'm clear that oscap supports an evaluation function and a remediation function. But does a remediation rollback function exist, which would un-do a remediation change?
>
> Thanks
> tl
>
> Terry Lemons
>
> [DellEMC_Logo_Hz_Blue_rgb_10percent]
> Data Management
> Infrastructure Solutions Group
>
> 176 South Street, MS 2/B-34
> Hopkinton MA 01748
> terry.lemons at dell.com<mailto:terry.lemons at dell.com>
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://listman.redhat.com/mailman/listinfo/open-scap-list
--
Alexander Bergmann <abergmann at suse.com>
Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5 F614 DE54 E875 9FFA 4886
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nuremberg, Germany
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20210518/aa8ba398/attachment.sig>
More information about the Open-scap-list
mailing list