The comment-stripping might be done by OpenSCAP (by design?). Related discussion: https://www.redhat.com/archives/open-scap-list/2012-October/msg00001.html
In any event, you certainly have an ACK for fixing the URN in the fix script. I assume this is just providing OpenSCAP what it expects/wants. On 02/05/2013 11:21 AM, Shawn Wells wrote: > On 2/5/13 11:19 AM, Shawn Wells wrote: >> Before the change: >> $ oscap xccdf generate fix --result-id >> xccdf_org.open-scap_testresult_stig-rhel6-server /tmp/stig-results.xml >> >> After the change: >> $ oscap xccdf generate fix --result-id >> xccdf_org.open-scap_testresult_stig-rhel6-server /tmp/stig-results.xml >> >> yum install aide > > Comments within the output were stripped for some reason. Actual output: > >> $ oscap xccdf generate fix --result-id >> xccdf_org.open-scap_testresult_stig-rhel6-server /tmp/stig-results.xml >> #!/bin/bash >> # OpenSCAP fix generator output for benchmark: DRAFT Guide to the >> Secure Configuration of Red Hat Enterprise Linux 6 >> >> # generated: 2013-02-05T11:18:33-05:00 >> # END OF SCRIPT >> [shawn@rhel6 RHEL6]$ vim /tmp/stig-results.xml >> [shawn@rhel6 RHEL6]$ oscap xccdf generate fix --result-id >> xccdf_org.open-scap_testresult_stig-rhel6-server /tmp/stig-results.xml >> #!/bin/bash >> # OpenSCAP fix generator output for benchmark: DRAFT Guide to the >> Secure Configuration of Red Hat Enterprise Linux 6 >> >> # XCCDF rule: install_aide >> # CCE-27024-9 >> yum install aide >> >> # generated: 2013-02-05T11:18:57-05:00 >> # END OF SCRIPT > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
