<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 4/15/15 1:11 PM, Greg Elin wrote:<br>
</div>
<blockquote
cite="mid:CACZRBDR=DhiKkadH3UkdFV7COEN8qyGm1YTKH3MG0y86wuLeNw@mail.gmail.com"
type="cite">
<div class="gmail_default" style="font-size:small">Jacob,</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">Thanks for
opening this topic. My question would be -- if OpenSCAP is open
source, why aren't we publishing the remediation and remediation
script section online? Why is it only available in the report?</div>
</blockquote>
<br>
Remediation is provided through content. In terms of what's shipping
in RHEL (SCAP Security Guide), all the remediation scripts are on
GitHub:<br>
<a class="moz-txt-link-freetext" href="https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/input/fixes/bash">https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/6/input/fixes/bash</a><br>
<br>
The remediation is visible in the various prose guides and reports
that OpenSCAP generates.<br>
<br>
<blockquote
cite="mid:CACZRBDR=DhiKkadH3UkdFV7COEN8qyGm1YTKH3MG0y86wuLeNw@mail.gmail.com"
type="cite">
<div class="gmail_default" style="font-size:small">If it does make
sense to have the remediation information local, I think it
might even be better in a separate document/report.</div>
</blockquote>
<br>
Can you detail this out some more? The RHEL7 reports look like this:<br>
<br>
<img src="cid:part1.02060502.01090208@redhat.com" alt=""><br>
<br>
<br>
The remediation content could either be copy/pasted, or you could
use OpenSCAP to transform that into a shell script to be run.<br>
<br>
Alternatively, you could tell OpenSCAP to perform the remediation
during scanning, and generate a report after all remediation is
applied.<br>
<br>
</body>
</html>