<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <br>
    <br>
    <div class="moz-cite-prefix">On 4/5/17 2:54 PM, Greg Hennessy wrote:<br>
    </div>
    <blockquote
cite="mid:CA+mZaONY+5Fqab38Q13Qf-SEEGg5G4rmoro2sH2p1A1fzAgnpA@mail.gmail.com"
      type="cite">
      <div dir="ltr">Bummer</div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Apr 5, 2017 at 1:53 PM, Shawn
          Wells <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:shawn@redhat.com" target="_blank">shawn@redhat.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"><span class=""> <br>
                <br>
                <div class="m_7379048956877122268moz-cite-prefix">On
                  4/5/17 1:43 PM, Greg Hennessy wrote:<br>
                </div>
                <blockquote type="cite">I am exploring the use of
                  open-scap to verify my machines meet
                  <div>the DISA stigs. If I run oscap against the </div>
                  <div>/usr/share/xml/scap/ssg/<wbr>content/ssg-rhel7-ds.xml
                    file  things seem to work</div>
                  <div>as expected. If I run oscap against the file from
                    <a moz-do-not-send="true"
                      href="http://iase.disa.mil" target="_blank">iase.disa.mil</a>,
                    all </div>
                  <div>of the results show "notchecked". Does anyone
                    have a sugguestion as to</div>
                  <div>how to force the checks to happen?</div>
                  <div><br>
                  </div>
                  <div>My typed command line is:</div>
                  <div><br>
                  </div>
                  <div>
                    <div># oscap xccdf eval --profile MAC-2_Public
                       --report /tmp/disa_stig.html
                      U_Red_Hat_Enterprise_Linux_7_<wbr>STIG_V1R1_Manual-xccdf.xml</div>
                  </div>
                </blockquote>
                <br>
              </span> DISA does not publish automation content -- so
              it's impossible to use their content. <br>
            </div>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <br>
    With that said, we're tracking to having a SSG profile align more
    directly against the content DISA published. Here's a dashboard with
    the missing pieces:<br>
    <br>
    <a class="moz-txt-link-freetext" href="https://github.com/OpenSCAP/scap-security-guide/projects/7">https://github.com/OpenSCAP/scap-security-guide/projects/7</a><br>
    <br>
    Patches most welcome, especially to build out missing OVAL!<br>
  </body>
</html>