[Open-scap] RFE: oscap tool to provide information about a given file

Martin Preisler mpreisle at redhat.com
Thu Oct 18 11:02:41 UTC 2012 

Hi,

I think it's a good proposal. Performance concerns are not applicable to this case IMO, so we could display all the info that is quick to determine, flush the screen and then perform the lengthy validation. User can CTRL+C cancel at any moment. Having "Valid: YES (XCCDF 1.2)" would be very useful in troubleshooting situations.

I want to discuss one issue I have that could be related. Profiles have gotten increasingly long and hard to memorise IDs, having to type them via the command line with no auto completion is just annoying and error prone. What I usually do is grep the "*-xccdf.xml" file for Profile and select copy the id. In my opinion that is not a good user experience ;-)

Displaying available profiles in info is great but I am thinking if the functionality is written in a reusable way we could list the profiles when user tries to select a profile that doesn't exist. And if oscap info has an output mode that bash completion can grok we could auto complete the --profile option.

Alternatively we might also introduce an "interactive" mode but to be honest I am not a big fan of that.

----- Original Message -----
> From: "Simon Lukasik" <slukasik at redhat.com>
> To: open-scap-list at redhat.com
> Sent: Wednesday, October 17, 2012 11:06:43 PM
> Subject: [Open-scap] RFE: oscap tool to provide information about a given	file
> 
> Hiya list,
> 
> Here is a feature request for oscap.
> 
> Rationale: In the SCAP world, there is a handful of standards and
> file
> formats. oscap tool can process increasing number of them, but user
> still needs to know what is what and what option to use. Situation
> partially improves with emerge of DataStreams, but still DataStreams
> are
> rather rare.
> 
> Feature: oscap tool option 'info' taking a single file and printing
> any
> information useful for its (file's) usage.
> 
> The output of
> 
>    $ oscap info foo.xml
> 
> could then look like either:
> 
> --
>    foo.xml is XCCDF 1.1 document.
>    <Here goes the BENCHMARK/TITLE>
>    Document contains following profiles: ftp, desktop, server,
>    common.
>    Document can employ following oval files: bar.xml
>    Use `oscap xccdf eval` module to evaluate it.
>    Use `oscap xccdf validate-xml` module to validate it.
> --
>    foo.xml is results datastream.
>    It contains results of evaluation on machine x.example.com
>    on 1970-01-01.
> --
>    foo.xml is source datastream.
>    Use `oscap ds` module to split or to validate it.
>    Use `oscap xccdf eval` module to evaluate it.
> --
>    foo.xml is CPE dictionary.
>    Use `--cpe-dict foo.xml` option during XCCDF evaluation
>    to apply this CPE dictionary.
> --
>    foo.xml is OVAL version 5.10.1 document.
>    Use `oscap oval eval` module to evaluate it.
>    Use `oscap oval validate-xml` module to validate it.
> --
>    foo.xml is OVAL version 7.40.315 document.
>    This version of OpenSCAP does not support it.
> --
>    foo.xml is not an XML document.
> --
>    foo.xml is a document of unknown type.
> --
> 
> Additionally it could take the --validate to validate the given
> document
> with schematron.
> 
> 
> As any other feature, it would require to do some coding, mantainance
> and testing. I wonder if the effort would be beneficial for a
> community...?
> 
> Thanks,
> 
> --
> Simon Lukasik
> Security Technologies
> 
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
>

More information about the Open-scap-list mailing list