[Open-scap] tailoring file not working
Shawn Wells
shawn at redhat.com
Wed Mar 29 20:31:43 UTC 2017
On 3/29/17 11:52 AM, Mohanraj, Bharath wrote:
>
> Can you try replacing,
>
>
>
> --profile xccdf_org.ssgproject.content_profile_pci-dss
>
>
>
> With
>
>
>
> --profile xccdf_org.ssgproject.content_profile_pci-dss_with_ot
>
+1
Remember to point OpenSCAP at the tailor file, not the original datastream.
>
>
> *From:*open-scap-list-bounces at redhat.com
> [mailto:open-scap-list-bounces at redhat.com] *On Behalf Of *Josh Moore
> *Sent:* Wednesday, March 29, 2017 6:49 PM
> *To:* open-scap-list at redhat.com
> *Subject:* [Open-scap] tailoring file not working
>
>
>
> I am working on creating a tailored PCI profile that accounts for
> items covered by our provider. So I want to tailer the profile to
> remove what I consider to be false positives. I have created the
> tailoring file on my Mac desktop and copied it to my centos 7 test
> machine. However, when I run the oscap command on the centOS server
> the tailoring file is ignored. Any idea of what I am doing wrong?
>
>
>
> oscap xccdf eval --tailoring-file tailoring.xml --report report.html
> --profile xccdf_org.ssgproject.content_profile_pci-dss
> /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
>
>
>
> Tailoring File content:
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__checklists.nist.gov_xccdf_1.2&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=9rqddwDp15TZtPAQFqFc1Cfp3tmrR5nqYnTRme9xenk&e=>"
> id="xccdf_scap-workbench_tailoring_default">
>
> <xccdf:benchmark
> href="/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml"/>
>
> <xccdf:version time="2017-03-29T09:09:14">1</xccdf:version>
>
> <xccdf:Profile
> id="xccdf_org.ssgproject.content_profile_pci-dss_with_ot"
> extends="xccdf_org.ssgproject.content_profile_pci-dss">
>
> <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.w3.org_1999_xhtml&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=DKeXAv2csKLxOp4wSQI6DAH1VtLlOc0plYIVpTPuVVs&e=>"
> xml:lang="en-US" override="true">PCI-DSS v3 Control Baseline for Red
> Hat Enterprise Linux 7 [CUSTOMIZED]</xccdf:title>
>
> <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.w3.org_1999_xhtml&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=DKeXAv2csKLxOp4wSQI6DAH1VtLlOc0plYIVpTPuVVs&e=>"
> xml:lang="en-US" override="true">This is a *draft* profile for PCI-DSS
> v3</xccdf:description>
>
> <xccdf:select idref="xccdf_org.ssgproject.content_group_aide"
> selected="false"/>
>
> <xccdf:select
> idref="xccdf_org.ssgproject.content_group_smart_card_login"
> selected="false"/>
>
> </xccdf:Profile>
>
> </xccdf:Tailoring>
>
>
> Thanks,
>
>
>
> Josh Moore
>
> Chief Architect
>
> TarokoSoftware
>
>
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
--
Shawn Wells
Chief Security Strategist
U.S. Public Sector
shawn at redhat.com | 443.534.0130
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20170329/8734b21c/attachment.htm>
More information about the Open-scap-list
mailing list