On 04/04/2016 06:18 AM, Pravin Goyal wrote: > Thanks, Simon. I am getting started. > > So far, I have figured out that we need below steps: > > 1) Ensure that templates are in place in one directory (call it templates) > and the template to actual oval content creation works - > a) Have OVAL xml templates (the way you desire a particular probe based > check to look like - for example, disabling services, checking file > permissions, etc.). Take from existing or create your own. > b) csv files that contain the entry in the required format for a > particular probe based check > c) Python scripts to take each line item in csv and convert it into an > OVAL xml based on the desired template > > 2) Edit Makefile to build just oval content > a) That means combine oval singletons into one big oval assessment content > b) have boilerplate information such as xmlns, generator, etc. in place > > Are the above steps good enough for oval content creation? Am I missing any > steps? >
It is about right. There are some things that I would mention as well, but you are perhaps already familiar with: * There are OVAL files that are not generated from templates. * Templating mechanism is introduced only for multiple checks that share the logic * Look at templates in Debian/ directory. Guys there has been able to run the templates only during the build process. That should be the way forward in other directories as well. * The content authors tend to contribute XCCDF and OVAL together per check. Writing bigger OVAL part and then following with XCCDF is not that common. Best, ~š. > I am yet to work through all the steps above and just figured out the > information for now. If there is anything that helps jumpstart this, it would > be great, else, not a problem. I will eventually figure it out. (I come from > security and compliance background and not pure developer background - so > this might be at times difficult for me. But, perhaps, I will take some help > locally). > > Thanks and regards, > Pravin Goyal > ________________________________________ > From: Šimon Lukašík <[email protected]> > Sent: Friday, April 1, 2016 7:36 PM > To: Pravin Goyal; [email protected] > Subject: Re: [Open-scap] OVAL content authoring tool > > Hello Pravin, > > I advise you what folks working on Debian/ directory has achieved. > > Most of the checks will be the same for SuSE and Fedora derivatives. A > lot is shared with Debian as well. > > There will be some differences though, like configuration file paths. > > We try to leverage shared/ directory within SSG to have common code > written only once. > > > The build scripts are still a little hairy, so I advice you to start > with RHEL/7 or Fedora makefiles and remove everything that you don't > need in first stage. > > The build scripts are always work in progress, so don't be shy to amend > them as you see the need. > > Best, > ~š. > > On 03/31/2016 05:36 AM, Pravin Goyal wrote: >> Team, >> I need help. I need to setup a new platform say "SLES 11" in >> "scap-security-guide" project. What are the steps to be done? Where do I >> start? >> >> I see that the community has already done a lot of automation work in >> churning out SCAP DS with xccdf, oval and remediation. >> >> Please help. >> >> Thanks and regards, >> Pravin Goyal >> >> ________________________________________ >> From: Martin Preisler <[email protected]> >> Sent: Wednesday, March 30, 2016 8:18 PM >> To: Pravin Goyal >> Subject: Re: [Open-scap] OVAL content authoring tool >> >> ----- Original Message ----- >>> From: "Pravin Goyal" <[email protected]> >>> To: "Martin Preisler" <[email protected]> >>> Sent: Wednesday, March 30, 2016 12:24:14 AM >>> Subject: Re: [Open-scap] OVAL content authoring tool >>> >>> One thing that I can promise is to contribute OVAL checks that you can >>> include in SSG. I am targeting to develop OVAL rules for SLES 11 SP3 OS. So, >>> there would be a lot of common stuff. >> >> Please send your questions to the public mailing list. That way more people >> benefit from the reply. Thanks for understanding. >> >> >>> Trying to understand how to work with these transforms. >>> ________________________________________ >>> From: Pravin Goyal <[email protected]> >>> Sent: Wednesday, March 30, 2016 9:14 AM >>> To: Martin Preisler >>> Subject: Re: [Open-scap] OVAL content authoring tool >>> >>> Hi Martin, >>> I could see the scripts in Github. Is there a documented way to use it? >>> >>> Basically, I am looking to just do OVAL content at this point of time and >>> later merge with XCCDF document when I have it. >>> >>> Thanks and regards, >>> Pravin Goyal >>> ________________________________________ >>> From: Pravin Goyal <[email protected]> >>> Sent: Wednesday, March 30, 2016 4:16 AM >>> To: Martin Preisler >>> Subject: Re: [Open-scap] OVAL content authoring tool >>> >>> Thanks Martin for the quick response. >>> >>>> I recommend looking at how SSG is built, >>>> how we use templates to generate the boilerplate. >>> >>> Do you have this documented somewhere? Can you please share the link? >>> >>>> I recommend leveraging this community. I don't know if the project you will >>>> be working on is an open source project but if so we will be able (and >>>> happy) >>>> to help you review the patches and work on the project. >>> >>> Thanks for extending the help. As of now, the OVAL content creation is tied >>> very much to an internal product. STIG development for the product is in >>> progress. We are just starting. >>> ________________________________________ >>> From: Martin Preisler <[email protected]> >>> Sent: Tuesday, March 29, 2016 9:48 PM >>> To: Pravin Goyal >>> Cc: [email protected] >>> Subject: Re: [Open-scap] OVAL content authoring tool >>> >>> ----- Original Message ----- >>>> From: "Pravin Goyal" <[email protected]> >>>> To: [email protected] >>>> Sent: Tuesday, March 29, 2016 1:32:53 AM >>>> Subject: [Open-scap] OVAL content authoring tool >>>> >>>> Hi Team, >>>> I am sure this is a FAQ. Do you know of a well-maintained content authoring >>>> tool? >>> >>> We have tried several times to come up with some fancy GUI tool to help with >>> the development but never succeeded. The GUI tool ends up having too many >>> options or it's not powerful enough. I recommend looking at how SSG is >>> built, >>> how we use templates to generate the boilerplate. >>> >>> The tools I suggest are git, a text editor and SSG build scripts. >>> >>>> I am aware of >>>> https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL/6/transforms >>>> that we use to develop SSG content. >>>> >>>> Is this still valid - >>>> http://blog-shawndwells.rhcloud.com/wp-content/uploads/2013/07/SCAP-Workshop-Coursebook-v2.pdf >>>> ? >>> >>> Looks like it is except for the repository URIs. Change them to github URIs >>> and this will work. >>> >>>> Do you have any other suggestions in this regard? I am beginning a project >>>> that would require the development of some 500+ OVAL rules. So, I am just >>>> ensuring that I can make the best use of tools or processes already known >>>> to >>>> the community. >>> >>> I recommend leveraging this community. I don't know if the project you will >>> be working on is an open source project but if so we will be able (and >>> happy) >>> to help you review the patches and work on the project. >>> >>> -- >>> Martin Preisler >>> Identity Management and Platform Security | Red Hat, Inc. >>> >> >> -- >> Martin Preisler >> Identity Management and Platform Security | Red Hat, Inc. >> >> _______________________________________________ >> Open-scap-list mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/open-scap-list >> > > > ~š. > ~š. _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
