Hi,

> On Wednesday, November 20, 2013 10:13:45 PM Shawn Wells wrote:
> > 2) Will Benchmark content be accepted in the future, or must content be
> > in datastream formats? If datastream, we're looking at a fundamental
> > change to how SSG content is expressed. That's not necessarily a bad
> > thing, just want to start the conversation and understand your direction
>
> One of the features of SCAP 1.2 is datastreams. It allows for 1 file to be
> signed and delivered. It's much more convenient to distribute content like
> that than individual files. Simon wrote a tutorial on how to convert an
> existing collection of content into a datastream here:
>
> http://isimluk.livejournal.com/3660.html?title=How to convert USGCB to
> DataStream with OpenSCAP
>
I agree, it also makes it easier and more manageable to scan remote machines.

One downside is that you can't use XCCDF 1.1 inside a datastream. Datastreams only allow XCCDF 1.2. If you are interested I could help you with the transition to XCCDF 1.2. The main hurdle will likely be changing all the Rule and Group IDs to the new enforced XCCDF 1.2 format. After that is done, we could simply use openscap to automatically pack up the datastream and have all of this be a part of the build process in scap-security-guide.

One risk I can see is that the content will no longer be XCCDF 1.1, so tools only implementing XCCDF 1.1 can no longer use it. Not sure how big a deal that is but if needed we could build both XCCDF 1.1 and 1.2 with not that much added complexity to the build process.

-- 
Martin Preisler
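
The ID renaming described in the reply above, as an added example that is not part of the original message or of the scap-security-guide build: it prefixes each Benchmark, Profile, Group, Rule and Value ID with the XCCDF 1.2 `xccdf_<namespace>_<type>_` form, rewrites the attributes that reference those IDs, and moves elements to the 1.2 namespace. The namespace `org.example.content`, the function name `convert_ids` and the sample document are assumptions; other XCCDF 1.1 to 1.2 differences are not handled.

```python
import re
import xml.etree.ElementTree as ET

NS11 = "http://checklists.nist.gov/xccdf/1.1"
NS12 = "http://checklists.nist.gov/xccdf/1.2"
KINDS = {"Benchmark": "benchmark", "Profile": "profile", "Group": "group",
         "Rule": "rule", "Value": "value"}
REF_ATTRS = ("idref", "value-id", "extends")  # attributes that reference an item by ID
ID12 = re.compile(r"^xccdf_[^_]+_(benchmark|profile|group|rule|value)_.+$")

# Constructed sample, trimmed to the parts that carry IDs (not schema-complete).
SAMPLE = f"""<Benchmark xmlns="{NS11}" id="demo">
  <Profile id="common"><select idref="no_telnet" selected="true"/></Profile>
  <Value id="var_umask"><value>027</value></Value>
  <Group id="services">
    <Rule id="no_telnet"><check><check-export value-id="var_umask" export-name="x"/></check></Rule>
  </Group>
</Benchmark>"""

def convert_ids(xml_text, namespace="org.example.content"):
    """Return (new_xml, old_to_new). `namespace` is a placeholder reverse-DNS name."""
    if "_" in namespace:
        raise ValueError("XCCDF 1.2 ID namespace must not contain '_'")
    root = ET.fromstring(xml_text)
    mapping = {}
    # Pass 1: rename every identifiable item and remember old -> new.
    for el in root.iter():
        ns, _, local = el.tag[1:].partition("}")
        if ns in (NS11, NS12) and local in KINDS and "id" in el.attrib:
            old = el.get("id")
            new = old if ID12.match(old) else f"xccdf_{namespace}_{KINDS[local]}_{old}"
            if mapping.get(old, new) != new:
                raise ValueError(f"ID {old!r} is used by two item types")
            mapping[old] = new
            el.set("id", new)
    # Pass 2: fix references, then move 1.1 elements to the 1.2 namespace.
    for el in root.iter():
        for attr in REF_ATTRS:
            if attr in el.attrib:
                # <requires idref="a b"> holds a space-separated list of IDs.
                el.set(attr, " ".join(mapping.get(t, t) for t in el.get(attr).split()))
        if el.tag.startswith("{" + NS11 + "}"):
            el.tag = "{" + NS12 + "}" + el.tag[len(NS11) + 2:]
    ET.register_namespace("", NS12)
    return ET.tostring(root, encoding="unicode"), mapping
```

IDs that already match the 1.2 pattern are left alone, so running the function on its own output changes nothing.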
