Hello all, Short versions: What are best practices/guidance/suggestions for keeping a customization file while upgrading between OS releases. This also gets down to determining what has changed between versions.
Long version: We generated our own customization against the RHEL7.3 'STIG for Red Hat Enterprise Linux 7 Server' profile, and are now migrating to RHEL7.5, which provides the 'DISA STIG FOR Red Hat Enterprise Linux 7' profile instead. What is involved in having our 7.3 customization file imported correctly and applied to the default profile, and is there anyway to show a delta between the RHEL7.3 profile and the RHEL7.5 profile, with or without (preferably with) our customizations? Initially on our RHEL7.5 box I tried to invoke 'scap-workbench OurCustomizationFile.xml', but that resulted in no rules being displayed (and no warnings/errors either for that matter). This is when I discovered that RHEL7.3 and RHEL7.5 had different profiles. I wound up editing our customization file to refer to the RHEL7.5 profile name instead of the RHEL7.3 name, which appears to work. I did notice when I save just the customizations again there were substantially more things in that file than were in the original customizations. Mostly selected rules and such, but also default values. I *think* all of our mods were preserved (still digging through), but wonderered about the other new values. And as for the last question above - is there a way to compare 'profiles' (with or without customization) to see the differences between them? Or even load a base profile and have the customizations highlighted? -Rob Robert Sanders Sr. Secure Systems Engineer FORCEPOINT T +1.703.896.4762 F +1.703.318.5041 www.forcepoint.com FORWARD WITHOUT FEAR
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
