[Open-scap] Tool to generate datastream XML

Jan Černý jcerny at redhat.com
Mon May 9 08:01:05 UTC 2022


Hi,

If you have an existing SCAP source data stream and you only want to
select or deselect some of the rules, you can create a tailoring file
using the GUI SCAP Workbench, on the command line using the autotailor
command, or manually. A tailoring file is a simple delta file describing
differences from existing profiles.

If you want to build a new SCAP source data stream, you can start hacking
on the project from which the SCAP source data streams are generated,
https://github.com/ComplianceAsCode/content/. There you can create your
own profiles with your own selections. But, unfortunately, it currently
doesn't have an easy way to influence the set of rules that are included
in the built SCAP source data stream. The build system picks the rules
based on their "prodtype" key in the rule YAML file. This is even more
complicated by the fact that some rules don't have the prodtype
specified, so they are always picked. I believe that you could modify
the content's build system to pick only rules that are part of your
profile or of some given list, but this feature isn't there at the
moment. I think that rethinking the prodtype selections and coming up
with a more flexible solution would be great.

Regarding the memory usage, it's a complex problem, in which the size
of the input file (the input SCAP source data stream) is only one of the
factors. Other factors include:
- the way the checks are written: some checks lead to collecting a large
amount of data from the system. For example, a rule that requires that
all files must be owned by a specific user will cause a lot of data to
be collected, therefore a large report and therefore large memory usage,
if the evaluated operating system contains a lot of files that aren't
owned by this user.
- the selection of rules in the profile (related to the previous item: if
your profile contains a rule that reads the whole file system, it can
cause memory issues)
- the creation of the HTML report during the scan
- memory leaks and similar bugs in the scanner that you accidentally hit
during the scan

Hope that helps.

Best Regards

On 5/8/22 08:24, ajay nair wrote:
> Hey team,
> 
> I am trying to generate a datastream file that will only include the rules
> that I wish to run. Are there any tools that will help me generate DS? I am
> mainly trying to write my own DS to reduce memory usage. Thanks.
> 
> 

-- 
Jan Černý
Security Technologies | Red Hat, Inc.
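As an added illustration of the tailoring-file approach described in the reply above (example code, not from the OpenSCAP project or the mailing-list author), this builds a minimal XCCDF 1.2 tailoring file that extends an existing profile and switches off the expensive rules, and parses it back so the resulting selections can be reviewed before a scan. The XCCDF 1.2 namespace is real; every benchmark, profile and rule id below is a constructed placeholder, and the tailoring id and version timestamp are assumptions.

```python
import xml.etree.ElementTree as ET

# XCCDF 1.2 namespace (real). All ids used below are constructed placeholders.
XCCDF = "http://checklists.nist.gov/xccdf/1.2"
ET.register_namespace("xccdf", XCCDF)


def build_tailoring(benchmark_href, base_profile, new_profile,
                    selected=(), unselected=()):
    """Return a minimal XCCDF 1.2 tailoring file as bytes.

    The new profile extends base_profile; each rule id in `selected` is
    turned on and each in `unselected` is turned off. The data stream
    itself is left untouched; only the delta lives in the tailoring."""
    tailoring = ET.Element(f"{{{XCCDF}}}Tailoring",
                           id="xccdf_org.example_tailoring_default")  # assumed id
    ET.SubElement(tailoring, f"{{{XCCDF}}}benchmark", href=benchmark_href)
    version = ET.SubElement(tailoring, f"{{{XCCDF}}}version",
                            time="2022-05-09T00:00:00")  # assumed timestamp
    version.text = "1"
    profile = ET.SubElement(tailoring, f"{{{XCCDF}}}Profile",
                            id=new_profile, extends=base_profile)
    ET.SubElement(profile, f"{{{XCCDF}}}title").text = "Reduced rule set"
    for rule in selected:
        ET.SubElement(profile, f"{{{XCCDF}}}select", idref=rule, selected="true")
    for rule in unselected:
        ET.SubElement(profile, f"{{{XCCDF}}}select", idref=rule, selected="false")
    return ET.tostring(tailoring, encoding="utf-8", xml_declaration=True)


def selections(tailoring_xml):
    """Parse a tailoring file into {rule_id: selected?} for review."""
    root = ET.fromstring(tailoring_xml)
    return {s.get("idref"): s.get("selected") == "true"
            for s in root.iter(f"{{{XCCDF}}}select")}


if __name__ == "__main__":
    # Constructed ids: drop a rule that walks the whole file system.
    xml = build_tailoring(
        "ssg-example-ds.xml",
        "xccdf_org.example_profile_base",
        "xccdf_org.example_profile_reduced",
        unselected=["xccdf_org.example_rule_all_files_owned_by_user"],
    )
    with open("tailoring.xml", "wb") as fh:
        fh.write(xml)
    print(selections(xml))
    # Then evaluate with the tailoring applied, e.g.:
    # oscap xccdf eval --tailoring-file tailoring.xml \
    #   --profile xccdf_org.example_profile_reduced ssg-example-ds.xml
```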


