Hi,

The bash code is taken from the input SCAP content, e.g. from /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml. There is no magic behind that; basically oscap simply extracts snippets from XML.

If you want to amend the script that is generated by oscap, unfortunately that is not possible; we don't have any option to customize the "oscap xccdf generate fix" command. The only way is to edit the generated script manually.

The best thing that you could do is to share your bash code with others, that means to propose a pull request on the SCAP Security Guide project. The source code repository can be found at https://github.com/OpenSCAP/scap-security-guide

We can help you with that and we will be happy if you contribute. I recommend exploring the /shared/templates/static/bash and /shared/templates directories in the SCAP Security Guide source code repository.

Regards

Jan Černý
Security Technologies | Red Hat, Inc.

----- Original Message -----
> From: "Greg Silverman (CS)" <greg.silver...@veritas.com>
> To: open-scap-list@redhat.com
> Cc: "DL-VTAS-AS-Team-Sangria" <dl-vtas-as-team-sang...@veritas.com>
> Sent: Tuesday, March 21, 2017 7:17:36 PM
> Subject: [Open-scap] customizing generation of mediation scripts
>
> I would like to modify the fixes that oscap will generate and add some
> automatic fixes. For example
>
> 1. The firewall fix bash code does not add the ssh service to the drop zone.
> Which file can I modify so that the “add-services ssh” is included in the
> generated remediation script?
>
> 2. Where can I add bash code to fix items that are not currently fixed? (I
> realize that some future release may replace changes I make now.)
>
> Greg Silverman
> Veritas Technologies
> Mountain View, CA
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list@redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
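
As an added illustration of the point in the reply that oscap simply extracts snippets from XML (this is not oscap's or SCAP Security Guide's code): the Python sketch below reads an XCCDF document, returns each rule's bash `<fix>` text, and lists the rules that have no bash remediation yet. The embedded benchmark, its rule ids and its fix command are constructed samples.

```python
import xml.etree.ElementTree as ET

BASH_FIX_SYSTEM = "urn:xccdf:fix:script:sh"  # XCCDF system URI for shell fixes

# Constructed sample: a minimal XCCDF 1.2 benchmark with hypothetical rule ids.
SAMPLE_XCCDF = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <Group id="xccdf_example_group_network">
    <Rule id="xccdf_example_rule_firewall_drop_zone" selected="true">
      <title>Set default firewalld zone to drop</title>
      <fix system="urn:xccdf:fix:script:sh">firewall-cmd --set-default-zone=drop</fix>
    </Rule>
    <Rule id="xccdf_example_rule_no_fix_yet" selected="true">
      <title>Rule that ships without a remediation</title>
    </Rule>
  </Group>
</Benchmark>
"""


def local(tag):
    """Strip the namespace so XCCDF 1.1 and 1.2 documents both match."""
    return tag.rsplit("}", 1)[-1]


def bash_fixes(xml_text):
    """Map every Rule id to its bash fix text, or None when it has no bash fix."""
    root = ET.fromstring(xml_text)
    result = {}
    for elem in root.iter():
        if local(elem.tag) != "Rule":
            continue
        script = None
        for child in elem:
            if local(child.tag) == "fix" and child.get("system") == BASH_FIX_SYSTEM:
                script = "".join(child.itertext()).strip()
                break
        result[elem.get("id")] = script
    return result


def rules_without_fix(xml_text):
    """Rule ids that would contribute nothing to a generated bash script."""
    return sorted(rid for rid, s in bash_fixes(xml_text).items() if s is None)


if __name__ == "__main__":
    for rule_id, script in bash_fixes(SAMPLE_XCCDF).items():
        print(rule_id, "->", script or "(no bash fix)")
```

The same functions work on the text of a data stream file, because `root.iter()` reaches a Benchmark nested inside it. Fix text that contains `<sub>` elements is returned without the substituted values.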