Hello Shawn, I think that would greatly simplify the process!
The sysctl CSV file can just be "<parameter>,<value-if-applicable>". If the value is present, "create_sysctl_checks.py" can work as it does so currently. If there is no value, deduce the variable name from the sysctl parameter itself and use it with the new template which will contain the external variable and the var-ref within state. I hope that looks fine. Thank you. Regards, Gautam. -----Original Message----- From: Shawn Wells [mailto:[email protected]] Sent: Wednesday, December 16, 2015 9:54 AM To: [email protected] Subject: Re: XCCDF variables associated with "sysctl_net_ipv4_conf_*" do not seem to be getting used. Perhaps not well documented, but the variables should be in the format of ${xccdf_check_name}_value. e.g. in the RHEL6 sysctl template file, we have "net.ipv4.conf.all.accept_source_route." The build system will convert this into an OVAL file named sysctl_net_ipv4_conf_all_accept_source_route. So the variable should be sysctl_net_ipv4_conf_all_accept_source_route_value. -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/ -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
