[Open-scap] Tool to generate datastream XML
Jan Černý
jcerny at redhat.com
Mon May 9 08:01:05 UTC 2022
Hi,

If you have an existing SCAP source data stream and you only want to
select or deselect some of the rules, you can create a tailoring file
using the GUI SCAP Workbench, on the command line using the autotailor
command, or manually. A tailoring file is a simple delta file describing
differences from existing profiles.

If you want to build a new SCAP source data stream you can start hacking
on the project from which the SCAP source data streams are generated:
https://github.com/ComplianceAsCode/content/. There you can create your
own profiles with your own selections. But, unfortunately, it currently
doesn't have an easy way to influence the set of rules that are included
in the built SCAP source data stream. The build system picks the rules
based on their "prodtype" key in the rule YAML file. This is made even more
complicated by the fact that some rules don't have the
prodtype specified, so they are always picked. I believe that you could
modify the content's build system to pick only rules that are part of
your profile or of some given list. But this feature isn't there at the
moment. I think that rethinking the prodtype selections and coming up
with a more flexible solution would be great.

Regarding the memory usage, it's a complex problem in which the size
of the input file (the input SCAP source data stream) is only one of the
factors. Other factors include:

- the way the checks are written: some checks lead to collecting a large
amount of data from the system. For example, a rule that requires that
all files must be owned by a specific user will cause a lot of data to be
collected, and therefore a large report and large memory usage, if the
evaluated operating system contains a lot of files that aren't owned by
this user.
- selection of rules in the profile (related to the previous item: if your
profile contains a rule that reads the whole file system, it can cause
memory issues)
- creation of the HTML report during the scan
- memory leaks and similar bugs in the scanner that you accidentally hit
during the scan

Hope that helps.

Best Regards

On 5/8/22 08:24, ajay nair wrote:
> Hey team,
>
> I am trying to generate a datastream file that will only include the rules
> that I wish to run. Are there any tools that will help me generate DS? I am
> mainly trying to write my own DS to reduce memory usage. Thanks.
--
Jan Černý
Security Technologies | Red Hat, Inc.
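
The message describes a tailoring file as a delta against an existing profile that can be written manually. The following added example (not from the original post or from the OpenSCAP project) generates such an XCCDF 1.2 tailoring file, recording only the selected and deselected rules. The data stream path, tailoring id, profile ids and rule ids are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
ET.register_namespace("xccdf", XCCDF_NS)


def q(tag):
    """Qualify a tag name with the XCCDF 1.2 namespace."""
    return f"{{{XCCDF_NS}}}{tag}"


def check_id(ident, kind):
    """Reject ids that do not follow the XCCDF 1.2 xccdf_<ns>_<kind>_<name> form."""
    if not re.match(rf"^xccdf_[^_]+_{kind}_.+$", ident):
        raise ValueError(f"not an XCCDF 1.2 {kind} id: {ident}")


def build_tailoring(ds_path, base_profile, new_profile, unselect=(), select=(), time=None):
    """Return tailoring XML: a new profile extending base_profile plus rule deltas."""
    overlap = set(select) & set(unselect)
    if overlap:
        raise ValueError(f"rules both selected and unselected: {sorted(overlap)}")
    for ident in (base_profile, new_profile):
        check_id(ident, "profile")
    for ident in (*select, *unselect):
        check_id(ident, "rule")
    # Tailoring id is a constructed placeholder.
    root = ET.Element(q("Tailoring"), {"id": "xccdf_org.example_tailoring_default"})
    ET.SubElement(root, q("benchmark"), {"href": ds_path})
    stamp = time or datetime.now().strftime("%Y-%m-%dT%H:%M:%S")
    ET.SubElement(root, q("version"), {"time": stamp}).text = "1"
    profile = ET.SubElement(root, q("Profile"), {"id": new_profile, "extends": base_profile})
    ET.SubElement(profile, q("title"), {"override": "true"}).text = f"Tailored from {base_profile}"
    # Only the differences from the base profile are written out.
    for rule_id in select:
        ET.SubElement(profile, q("select"), {"idref": rule_id, "selected": "true"})
    for rule_id in unselect:
        ET.SubElement(profile, q("select"), {"idref": rule_id, "selected": "false"})
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed ids: replace them with ids from your own data stream.
    print(build_tailoring(
        "example-ds.xml", "xccdf_org.example_profile_base",
        "xccdf_org.example_profile_base_lowmem",
        unselect=["xccdf_org.example_rule_all_files_owned_by_user"],
        time="2022-05-09T08:00:00"))
```

The resulting file is passed to the scanner with `oscap xccdf eval --tailoring-file`, naming the new profile id with `--profile`.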