Thanks, Shawn! I'll check out table-rhel6-cces.html<http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/table-rhel6-cces.html> and do an update.
Greg On Mon, May 19, 2014 at 4:26 PM, Shawn Wells <[email protected]> wrote: > > On 5/19/14, 4:09 PM, Shawn Wells wrote: > > > On 5/19/14, 3:44 PM, Greg Elin wrote: > > I've put together a web page to show which RHEL 6 CCE's have a remediation > script from Aqueduct and SSG. > > It is interesting that a number of rules are missing CCE Idents. It is also > easier to see the coverage of fix scripts. > Http://www.govready.org/cce/fixes/ > > Would love feedback and thoughts in how to improve coverage. > > > This is very, very cool. Did you use some sort of XSLT for this, and if > so, is it sharable? Shipping something like this seems valuable, with a > link back to govready for a dynamic version. > > It doesn't seem to be picking up a few CCEs: > > aide_build_database - CCE 27135-3 (since 2013-10-30) > bios_disable_usb_boot - CCE 26923-3 (since 2013-10-30) > > Is a refresh needed? > > > Went through a few more of the XCCDF rules manually and double checked on > the CCEs. All *appears* well. > > The code we use to transform out the CCEs from each XCCDF rule lives here: > > https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL/6/transforms/xccdf2table-cce.xslt > > And generates this HTML table: > > http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/table-rhel6-cces.html > > Now that I'm done fretting if proper CCE assignments exist (mini heart > attack due to the pending SSG inclusion in RHEL 6.6), I'd like to > re-iterate, this is very cool! > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
