<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> Hello Leon, thank you very much for contacting us. I think I have some good news as well as not that good news for you. If I understand you correctly, your goal was to improve the Bash profile script. If you install the scap-security-guide package, the script is located at /usr/share/scap-security-guide/bash/fedora-script-standard.sh I assume you are talking about this file. If I understand it, you analysed the file and optimized it. That's helpful, thank you for that. Let's make some things clear - Openscap is a scanner. The script that you probably analyzed is part of scap-security-guide package, the upstream project is here: <a class="moz-txt-link-freetext" href="https://github.com/ComplianceAsCode/content/find/master">https://github.com/ComplianceAsCode/content/find/master</a> Unfortunately, we can't easily use your modified script in the project. Each profile (the standard profile) in your case, is composed of many rules. Most of these rules have Bash remediations - small pieces of Bash code which make the system compliant with one particular rule. For example <a class="moz-txt-link-freetext" href="https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh">https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh</a> Rules in the project try to be failry generic, independent of Linux distros or distro versions. That means that they might not be written in the most effective way possible. During the build process, all the Bash remediations of rules included in certain profile are combined into the Bash script which you decided to analyze. This ensures that any change in Bash remediation can be done in only one place and it will appear on many places in the project, including above mentioned Bash script. That unfortunately means, that direct usage of your script is not possible. However, you might have probably discovered some ways how to make such remediations more effective. That is always welcomed. Would you be willing to suggest improvements to individual Bash remediations in form of PR in to the Compliance as Code project? If you keep track of changes which you performed, it could be failry easy. We will be glad to review your changes. Speaking about mailing lists... you can use this one, although it is focused mainly on the Openscap scanner. There is another list focused on the content, which might be more appropriate. <a class="moz-txt-link-freetext" href="https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide">https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide</a> Or we can talk directly in Github discussions: <a class="moz-txt-link-freetext" href="https://github.com/ComplianceAsCode/content/discussions">https://github.com/ComplianceAsCode/content/discussions</a> Feel free to ask if you need more information. Best regards, Vojta <div class="moz-cite-prefix">Dne 02. 03. 21 v 12:29 Leon Imširović napsal(a): </div> <blockquote type="cite" cite="mid:CA+EPRM51L6+4_w3Nu1Y=Y-XugbdC03qx_J9Qy0vmpyU3+rKVYw@mail.gmail.com"> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <div dir="ltr">Hello everyone, <div> </div> <div>I hope you are all well for this corona time. </div> <div> </div> <div>Let me get to the point right away. </div> <div> </div> <div>For the topic of my dissertation I took OPENSCAP and for the goal of my work I set to security scan and secure Fedora 31 as much as possible. </div> <div> </div> <div> I used a Standard System Security Profile for Fedora (80). scanned the system and got results that were bad. I scanned with Scap Workbench After that, I decided to make my own Bash script that will solve all these security vulnerabilities. I finally succeeded after several months !! I compared my script to yours which was offered as a solution in remediation role and mine gives much better results, have 8 times less lines of code, and is much easier to understand. Attached is the listed bash script called Final.sh I would love if it is possible for you to let me know if you can check it out and give your opinion and maybe even include it in the Open Scap, and give some confirmation of what was done. Your opinion means a lot to me. Thank You, Leon Imsirovic Software Enginner in ATOS PS: I didn’t know who to send these results to so I decided here. </div> </div> <fieldset class="mimeAttachmentHeader"></fieldset> <pre class="moz-quote-pre" wrap="">_______________________________________________ Open-scap-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:Open-scap-list@redhat.com">Open-scap-list@redhat.com</a> <a class="moz-txt-link-freetext" href="https://listman.redhat.com/mailman/listinfo/open-scap-list">https://listman.redhat.com/mailman/listinfo/open-scap-list</a></pre> </blockquote> </body> </html>