[Open-scap] oscap generate guide ignores profile

Sven Vermeulen sven.vermeulen at siphos.be
Thu Dec 12 13:04:55 UTC 2013


On Thu, Dec 12, 2013 at 7:53 AM, Sven Vermeulen
<sven.vermeulen at siphos.be> wrote:
>> It'd be incredibly useful to generate a true guide, versus a checklist,
>> per profile.
>
> I don't think that is possible without changing the XCCDF schema. The
> content of a guide is provided by Group tags whereas the checks are Rule
> tags.
>
> Profiles are used to toggle Rules, not Groups, so openscap cannot know which
> Groups to include and which not to.
>
> At least, that is my feeble impression of the XCCDF standard. Might be wrong
> though.

And I am. Just read through the XCCDF 1.2 document (NISTIR 7275-r2)
and Profiles can operate on Groups as well.

Wkr,
  Sven Vermeulen
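
The conclusion of the message above, as an added example that is not part of the original e-mail and is not OpenSCAP code: a Profile `<select>` whose `idref` names a Group switches that Group, and everything nested in it, on or off. The benchmark, its ids and the `selected_items` helper are constructed for illustration; `cluster-id` references and Profile `extends` are left out.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}

# Constructed sample benchmark (not from the thread): two Groups, one Rule each.
BENCHMARK = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <Profile id="xccdf_org.example_profile_server">
    <title>Server</title>
    <select idref="xccdf_org.example_group_desktop" selected="false"/>
    <select idref="xccdf_org.example_rule_ssh_root" selected="true"/>
  </Profile>
  <Group id="xccdf_org.example_group_ssh">
    <title>SSH</title>
    <Rule id="xccdf_org.example_rule_ssh_root" selected="false"><title>No root login</title></Rule>
  </Group>
  <Group id="xccdf_org.example_group_desktop">
    <title>Desktop</title>
    <Rule id="xccdf_org.example_rule_screensaver" selected="true"><title>Lock screen</title></Rule>
  </Group>
</Benchmark>"""

def selected_items(xml_text, profile_id):
    """Return (group_ids, rule_ids) that remain selected under the given Profile."""
    root = ET.fromstring(xml_text)
    profile = next(p for p in root.findall("x:Profile", NS) if p.get("id") == profile_id)
    # Profile selectors override each item's own 'selected' attribute (default: true).
    overrides = {s.get("idref"): s.get("selected") in ("true", "1")
                 for s in profile.findall("x:select", NS)}
    groups, rules = [], []

    def walk(node):
        for item in node:
            kind = item.tag.rsplit("}", 1)[-1]
            if kind not in ("Group", "Rule"):
                continue
            default = item.get("selected", "true") in ("true", "1")
            if not overrides.get(item.get("id"), default):
                continue  # an unselected Group hides everything nested below it
            (groups if kind == "Group" else rules).append(item.get("id"))
            if kind == "Group":
                walk(item)

    walk(root)
    return groups, rules

if __name__ == "__main__":
    print(selected_items(BENCHMARK, "xccdf_org.example_profile_server"))
```

A guide generator that walks the benchmark this way can drop the Desktop Group's prose for the Server profile, even though the nested Rule is marked `selected="true"` in the benchmark itself.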



