[Open-scap] Editing XCCDF/OVAL

Peter Vrabec pvrabec at redhat.com
Mon Oct 31 21:47:59 UTC 2011 

Hi Svan,

scap-workbench is a tool developed by us. It allows user to do the local scan, 
"tailor"(adjust) XCCDF checklist profile and edit XCCDF content.

> Hi Sven,
> 
> You might want to check out the SCAP Workbench
> (https://fedorahosted.org/scap-workbench/), the Recommendation Tracker
> (http://sourceforge.net/projects/rectracker/), 
rectracker is a new to me. It looks it use mysql. Good.

> and the eSCAPe editor
> (http://www.g2-inc.com/escape)?

What all these have in common is that they are all GUI tools. I'd like to 
point you at this approach:

https://fedorahosted.org/scap-security-guide/

It's a combination of: Makefiles, XSLT, XML, SCC and GIT. 
Please don't get scared now. It might look like a mess but it's not. ;) 
Personally, I like it more then GUI approach. 

* Version control system comes very handy in process of content development. 
(Undo, Redo, History, ...)
* SCC gets you thru OVAL disadventages. 
* XML for XCCDF is doable. You can also use XML editor. 
* XSLT for html.
* Finally, Makefile to "build" it a all.

Please take a look and I'll be glad if you share your opinion with us.

Peter.



> Hope this helps.
> 
> Thanks,
> 
> Danny
> 
> -----Original Message-----
> From: open-scap-list-bounces at redhat.com
> [mailto:open-scap-list-bounces at redhat.com] On Behalf Of Sven Vermeulen
> Sent: Monday, October 31, 2011 12:03 PM
> To: open-scap-list at redhat.com
> Subject: [Open-scap] Editing XCCDF/OVAL
> 
> Hi guys,
> 
> I'm currently trying to get a hardening guide up (through XCCDF) with
> support for validation (through OVAL) for the Gentoo distribution. For the
> time being, I'm editing the document through whatever favorite text editor
> is out there (in my case, vim) but this is becoming quite an effort.
> 
> What kind of tools are out there for developing XCCDF/OVAL content? I have
> seen a few graphical tools (but they didn't help much beyond automated id
> generation) and Tresys' SCC, but that didn't reduce the complexity as much.
> 
> Wkr,
> 	Sven Vermeulen
> 
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list

More information about the Open-scap-list mailing list