
Re: [Open-scap] support for remediation (parameters for fixes?)

Ah, I see Simon already answered this, a while back:

We will give this a spin.  Any other suggestions are also most welcome. OpenSCAP remains a key element for security automation -- thanks again.

On Sat, Jun 1, 2013 at 10:01 AM, Steve Grubb <sgrubb redhat com> wrote:

----------  Forwarded Message  ----------

Subject: support for remediation (parameters for fixes?)
Date: Friday, May 31, 2013, 07:18:36 PM
From: Jeffrey Blank <jeffblank gmail com>
To: open-scap-list redhat com

Hi OpenSCAP Developers,

Could you tell us about the current support for remediation in OpenSCAP?

The Aqueduct community is interested in creating remediation scripts for
the DISA STIG, which is of course based on SCAP content from
the scap-security-guide project.

I see that you have created some tooling to generate fix scripts and it
would be great if the Aqueduct community could leverage OVAL (or SCE)
checks, instead of creating their own script checks and fixes entirely in
bash.  I took a brief look at /usr/share/openscap/xsl/fix.xsl and
fixtpl-bash.xml, and this suggests that variable substitution (XCCDF
Values/OVAL variables, via <sub>) was considered.

If there is any example content, that would be excellent to see.

It would be compelling if tooling could support both separable and
parameterized checking and fix generation, as it would enable system
auditors and system administrators to use the same toolchain.  This would
permit combination of effort and reduction of misery.

