Hello Radwa,

  thank you for checking with us.

----- Original Message -----
> From: "Radwa KILANY" <[email protected]>
> To: [email protected]
> Sent: Thursday, August 4, 2016 11:01:52 AM
> Subject: [Open-scap] Add new rules (disk/partitions) to openscap profile
> 
> Hello,
> 
> I would like to add new rules checking options on disk partitions like /opt
> and /usr. The available profiles didn't offer these checks.

Correct.

> 
> 
> The online documentation explains how to customise profiles through
> "workbench interface", but didn't offer any options to add new ones.

SCAP Workbench allows adding rules that are already defined in the benchmark
into a profile (deriving a new copy of the profile containing more / fewer rules).

But it's not possible to use SCAP Workbench to add a completely new rule to the
benchmark.

> Also,
> I'm pretty aware it'll be doable through altering the ds and xccdf file but
> have no clue to how exactly I can do it.

While directly altering the ds / xccdf would solve the issue for your use case,
why not create a SCAP Security Guide PR so that others from the community are
also able to use your enhancements?

> So do you know of any way to add a new rule?

To be honest, the task of adding a new rule to SCAP Security Guide is not trivial.
Not that it would be difficult to implement, but it requires some familiarity
with the underlying standards (XCCDF, OVAL) first. Right now we have mechanisms
to simplify some tasks, but we currently aren't yet in the state where adding
a new rule would be a question of a few clicks in the GUI editor.

In any case, to start getting familiar with the concepts I would recommend Shawn's
SSG WorkShop, which should give you an overview of the concepts / standards
used in SSG and how to create new OVAL from a template:
  [1] http://people.redhat.com/jamisonm/scap/SCAP-Workshop-Coursebook-v2.pdf

Also, the XCCDF and OVAL standards, and the overall layout of the SSG repository,
are explained in more detail in the SSG Contributor WorkShop presentations:
  [2] https://jlieskov.files.wordpress.com/2013/11/scap_security_guide_questions_answers_contributor_workshop_volume_1_november_2015.pdf
  [3] https://jlieskov.files.wordpress.com/2013/11/scap_security_guide_questions_answers_contributor_workshop_volume_2_january_2016.pdf

If you would like to start looking directly into the code and learn by example,
the steps (XCCDF - rule prose, OVAL - rule check, rule correction - remediation
script, and finally creating new XCCDF profile topics) are covered within the
last four commits in this branch:
  [4] https://github.com/iankko/scap-security-guide/commits/ssg_ws

The only difference in your use case would be that the last step would differ,
since it wouldn't require creating a completely new XCCDF profile for the rule(s)
being added; it would be enough to reference those rules in some of the existing
profiles (e.g. the 'common' one, to mention an example).

The other way is to report a new RFE for the rule to be available in the SSG
ticketing system and wait till it's implemented:
  [5] https://github.com/OpenSCAP/scap-security-guide/issues/new

> 
> Thank you in advance,

Hope this helps.

Thank you && Regards, Jan
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team
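
The XCCDF rule, OVAL check and profile reference steps named in the reply above, shown for one case as an added example (not part of the thread and not taken from the SSG repository). It assumes the option to enforce on /opt is nodev, that the OVAL file is called oval.xml, and that the `linux:` prefix is bound to the OVAL 5 Linux definitions namespace; all ids are constructed.

```xml
<!-- Constructed example: the nodev option, every id and the oval.xml name are assumptions. -->

<!-- XCCDF benchmark: rule prose, pointing at the OVAL definition that checks it -->
<Rule id="mount_option_opt_nodev" selected="false" severity="low">
  <title>Add nodev Option to /opt</title>
  <description>/opt must be mounted with the nodev option.</description>
  <rationale>No device files are expected under /opt; nodev keeps the kernel
    from interpreting character or block special files on that filesystem.</rationale>
  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <check-content-ref href="oval.xml" name="oval:org.example:def:1"/>
  </check>
</Rule>

<!-- XCCDF benchmark: inside an existing Profile (e.g. 'common'), enable the rule -->
<select idref="mount_option_opt_nodev" selected="true"/>

<!-- OVAL file, definitions section -->
<definition class="compliance" id="oval:org.example:def:1" version="1">
  <metadata>
    <title>Add nodev Option to /opt</title>
    <description>/opt is mounted with the nodev option.</description>
  </metadata>
  <criteria>
    <criterion comment="nodev on /opt" test_ref="oval:org.example:tst:1"/>
  </criteria>
</definition>

<!-- OVAL file, tests section -->
<linux:partition_test check="all" check_existence="all_exist"
    comment="nodev on /opt" id="oval:org.example:tst:1" version="1">
  <linux:object object_ref="oval:org.example:obj:1"/>
  <linux:state state_ref="oval:org.example:ste:1"/>
</linux:partition_test>

<!-- OVAL file, objects section: selects the mounted partition by mount point -->
<linux:partition_object id="oval:org.example:obj:1" version="1">
  <linux:mount_point>/opt</linux:mount_point>
</linux:partition_object>

<!-- OVAL file, states section: at least one mount option must equal nodev -->
<linux:partition_state id="oval:org.example:ste:1" version="1">
  <linux:mount_options datatype="string" entity_check="at least one"
      operation="equals">nodev</linux:mount_options>
</linux:partition_state>
```

Because the test uses check_existence="all_exist", it evaluates to false when /opt is not a separate mount point, so the rule fails on such systems instead of being skipped.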
