Re: Using the RHEL specific SCAP content for CentOS

Thu, 02 Jul 2015 06:00:49 -0700 

On 07/01/2015 06:09 PM, Andrew Gilmore wrote:

How close are we to having all tests applicable to CentOS actually
available in the profiles?
My understanding is that SSG is under active development. The completness of the various profiles changes rapidly.
I have seen some github milestones implemented in SSG. These can be of some help 

    https://github.com/OpenSCAP/scap-security-guide/milestones
> This question about SSG content is getting asked often enough that it > deserves an FAQ entry somewhere.
Again things change rapidly. Updating a FAQ is tedious task for developers. Especially if it needs to be done each month. 

Would anybody volunteer?

Thanks!
~š.



On Jul 1, 2015 10:00 AM, "Shawn Wells" <[email protected]
<mailto:[email protected]>> wrote:



    On 6/30/15 6:54 PM, Gabe Alford wrote:

        Hey Bond,

        As of SCAP Security Guide release 0.1.23, CentOS content is now
        available (any older version will require tweaking). See the
        announcement here:
        
https://lists.fedorahosted.org/pipermail/scap-security-guide/2015-June/006462.html

        You can download and build the SSG content from
        https://github.com/OpenSCAP/scap-security-guide


    Spot on. CentOS users can now clone the repo, run make, and they'll
    see various CentOS content files generated.

        When you run the XCCDF, you have to specify the CentOS XCCDF
        like below:

        # oscap xccdf eval --profile stig-rhel6-server-upstream \
              --results /tmp/`hostname`-ssg-results.xml \
              --report /tmp/`hostname`-ssg-results.html \
              --cpe
        /usr/share/xml/scap/ssg/content/ssg-centos6-cpe-dictionary.xml \
              /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml

        Please note that I believe that ssg-centos6-cpe-dictionary.xml
        is not being built with SSG. OpenSCAP is here:
        https://github.com/openscap/openscap and the announcement here:
        So I believe all that needs to be done is:

        # oscap xccdf eval --profile stig-rhel6-server-upstream \
              --results /tmp/`hostname`-ssg-results.xml \
              --report /tmp/`hostname`-ssg-results.html \
              /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml

        Thanks,


    --
    Shawn Wells
    Director, Innovation Programs
    [email protected] <mailto:[email protected]> | 443.534.0130
    <tel:443.534.0130>
    @shawndwells

    --
    SCAP Security Guide mailing list
    [email protected]
    <mailto:[email protected]>
    https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
    https://github.com/OpenSCAP/scap-security-guide/






--
Šimon Lukašík
Security Technologies, Red Hat, Inc.
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/

Reply via email to