[Open-scap] back port to rhel5.5?

[Steve Grubb]

On Sunday, April 17, 2011 11:23:37 AM Ted Toth wrote:
> > `oscap oval validate-xml usgcb-rhel5desktop-oval.xml` reports the
> > sames issues but it doesn't abend. Is this what you wanted to know?

Yes, I think that is helpful. I guess we need to back track from there to see what 
version its fixed.


> > Regarding the RHEL patch content I'd need a matching xccdf file to be
> > able to use this with openscap, right? 

No, I think you can run the OVAL content as is.

> > As I type I'm running it through ovaldi that I built using the CLIP 5.4 stuff from
> > Tresys but the customer and I would prefer an openscap solution.
> > What's involved in supporting a new schema? 

Adding new probes and going over the whole specification to see what else has changed. 
I don't think we did the gap analysis just yet.


> > I see the /usr/share/openscap/schemas/oval directory could I create a 5.8 using
> > the Mitre xsd files?
> 
> Do new probes for openscap need to be developed to support the
> partition_* elements?

Yes. That is part of the OVAL 5.8 work that should be starting in the coming weeks. We 
also need rpmverify and there is an selinux probe the content will need. But for your 
immediate problem, you can remove the partition test elements and this should work.

-Steve