<div dir="ltr"><div>It kind of depends on what exactly you are trying to achieve. For example, if you are modifying the ansible playbooks and want to have those changes permanently present and let's say, keep them organized... then you will definitely need to get involved with the project. I'm assuming you are directly changing the playbooks to your own custom way (not talking about variables and such, which in this case SCAP workbench would help you in creating customized profiles and select custom values for variables).</div><div><br></div><div>For a regular end user, what they will usually interact in a sense of customization is the profile tailoring which will result in different selections of ansible playbooks being generated for example. I hope that this helps.</div><div><br></div><div>Regards<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 7, 2022 at 8:38 PM Johnnie W Adams <<a href="mailto:jxadams@ualr.edu">jxadams@ualr.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi, Gabriel Gaspar Becker,<div><br></div><div> I'm a little ways into the workshop, and I'd like to ask if (in your opinion) it will be useful to me as an end user. It appears to me to be more of a developer tutorial.</div><div><br></div><div>Thanks,</div><div><br></div><div> John A</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 4, 2022 at 10:38 AM Gabriel Gaspar Becker <<a href="mailto:ggasparb@redhat.com" target="_blank">ggasparb@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>These playbooks are organized individually in the project <a href="https://github.com/ComplianceAsCode/content/" target="_blank">https://github.com/ComplianceAsCode/content/</a></div><div><br></div><div>Which then are built into those complex datastreams and consumed by OpenSCAP, I believe reading about the ComplianceAsCode content and specially doing this workshop <a href="https://github.com/ComplianceAsCode/content/blob/master/docs/workshop/README.adoc" target="_blank">https://github.com/ComplianceAsCode/content/blob/master/docs/workshop/README.adoc</a> will give you a better understanding of the whole process.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 29, 2022 at 3:47 PM Johnnie W Adams <<a href="mailto:jxadams@ualr.edu" target="_blank">jxadams@ualr.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi, Vojtech,<div><br></div><div> Sorry--I'll be more exact.</div><div><br></div><div> I am working with the remediation playbook generated by running a scan and attempting to edit it down. I was able to make an edited version with the three high severity rules we wanted to enforce. That was simple, because there were three easily isolated plays.</div><div><br></div><div> I'm having a difficult time doing the same thing with the medium severity rules. The playbook is very large and editing it down is a challenge. So here's my original question better asked:</div><div><br></div><div> How do you edit down such a massive playbook? And after you've edited it down, how do you organize the plays inside it? These are more practical questions than deep technical questions.</div><div><br></div><div>Thanks,</div><div><br></div><div> John A</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Sep 29, 2022 at 8:33 AM Vojtech Polasek <<a href="mailto:vpolasek@redhat.com" target="_blank">vpolasek@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> <div> <p>Hello John,</p> <p>could you please explain what are you trying to do? I am afraid that we might be using different terms. See below.</p> <p>Vojta<br> </p> <p><br> </p> <div>Dne 27. 09. 22 v 20:50 Johnnie W Adams napsal(a):<br> </div> <blockquote type="cite"> <div dir="ltr">Hi, folks, <div><br> </div> <div> It wasn't too hard to get an Ansible playbook for the three high severity rules I just fixed.</div> <div><br> </div> </div> </blockquote> <p>That's good. <br> </p> <p><br> </p> <blockquote type="cite"> <div dir="ltr"> <div> Now I'm looking at a report with I don't know how many medium severity rules in it, and I'm at a loss as to how to edit it.</div> </div> </blockquote> <p><br> </p> <p>What kind of report? Is it a HTML report? Is it a file with ARF results? Is it a XCCDF results file? What command did you use to scan / generate the report?<br> </p> <blockquote type="cite"> <div dir="ltr"> <div><br> </div> <div> How do you folks do it? I mean that both mechanically--How do you create a valid playbook from that huge file?--and logically--How do you organize the plays? It's quite a task!</div> <div><br> </div> </div> </blockquote> <p>Well, openscap can generate a playbook based on several sources:</p> <p>- a datastream - it can generate complete playbook for a whole profile. Each task inthe playbook has several tags which can help you to choose which tasks to run. You can select tasks based on the XCCDF rule they belong to, based on their severit etc.<br> </p> <p>- XCCDF result file - if you scan the system with command like this:</p> <p>```</p> <p>oscap xccdf eval --profile some_profile --results results.xml path_to_datastream</p> <p>```</p> <p><br> </p> <p>You will get the XCCDF results file results.xml. This can be later put into the command like:</p> <p>```</p> <p>oscap xccdf generate fix --fix-type ansible --output playbook.yml --result-id xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_profile_name results.xml</p> <p>```</p> <p><br> </p> <p>So it depends what you want to do.</p> <p><br> </p> <blockquote type="cite"> <div dir="ltr"> <div>Thanks,</div> <div><br> </div> <div> John A<br clear="all"> <div><br> </div> -- <br> <div dir="ltr"> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr"> <div> <div dir="ltr"> <div>John Adams<br> Senior Linux/Middleware Administrator | Information Technology Services<br> <a value="+15019163010">+1-501-916-3010</a> | <a href="mailto:jxadams@ualr.edu" target="_blank">jxadams@ualr.edu</a> | <a href="http://ualr.edu/itservices" target="_blank">http://ualr.edu/itservices</a><font size="2"><span><br> <b>UA Little Rock</b></span></font></div> <div><font size="2"><b><br> </b></font></div> <div> <p><font style="background-color:rgb(255,255,255)" size="2" face="monospace, monospace" color="#000000">Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit <a href="http://ualr.edu/itservices/security/" target="_blank">IT Security</a>.</font><font size="1"><b><span style="font-family:"times new roman",serif"></span></b></font></p> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> <br> <fieldset></fieldset> <pre>_______________________________________________ Open-scap-list mailing list <a href="mailto:Open-scap-list@redhat.com" target="_blank">Open-scap-list@redhat.com</a> <a href="https://listman.redhat.com/mailman/listinfo/open-scap-list" target="_blank">https://listman.redhat.com/mailman/listinfo/open-scap-list</a> </pre> </blockquote> </div> </blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>John Adams<br>Senior Linux/Middleware Administrator | Information Technology Services<br><a value="+15019163010">+1-501-916-3010</a> | <a href="mailto:jxadams@ualr.edu" target="_blank">jxadams@ualr.edu</a> | <a href="http://ualr.edu/itservices" target="_blank">http://ualr.edu/itservices</a><font size="2"><span><br><b>UA Little Rock</b></span></font></div><div><font size="2"><b><br></b></font></div><div> <p><font style="background-color:rgb(255,255,255)" size="2" face="monospace, monospace" color="#000000">Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit <a href="http://ualr.edu/itservices/security/" target="_blank">IT Security</a>.</font><font size="1"><b><span style="font-family:"times new roman",serif"></span></b></font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div> _______________________________________________<br> Open-scap-list mailing list<br> <a href="mailto:Open-scap-list@redhat.com" target="_blank">Open-scap-list@redhat.com</a><br> <a href="https://listman.redhat.com/mailman/listinfo/open-scap-list" rel="noreferrer" target="_blank">https://listman.redhat.com/mailman/listinfo/open-scap-list</a><br> </blockquote></div> </blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>John Adams<br>Senior Linux/Middleware Administrator | Information Technology Services<br><a value="+15019163010">+1-501-916-3010</a> | <a href="mailto:jxadams@ualr.edu" target="_blank">jxadams@ualr.edu</a> | <a href="http://ualr.edu/itservices" target="_blank">http://ualr.edu/itservices</a><font size="2"><span><br><b>UA Little Rock</b></span></font></div><div><font size="2"><b><br></b></font></div><div> <p><font style="background-color:rgb(255,255,255)" size="2" face="monospace, monospace" color="#000000">Reminder: IT Services will never ask for your password over the phone or in an email. Always be suspicious of requests for personal information that come via email, even from known contacts. For more information or to report suspicious email, visit <a href="http://ualr.edu/itservices/security/" target="_blank">IT Security</a>.</font><font size="1"><b><span style="font-family:"times new roman",serif"></span></b></font></p></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div> </blockquote></div>