On 8/3/17 2:53 PM, Shawn Wells wrote: > > > On 8/3/17 11:35 AM, Watson Yuuma Sato wrote: >> On 03/08/17 15:36, Watson Yuuma Sato wrote: >>> On 03/08/17 11:07, Marek Haicman wrote: >>>> On 08/03/2017 02:28 AM, Shawn Wells wrote: >>>>> Hey Guys >>>>> >>>>> Just downloaded the RHEL 7.4 installation media and attempted >>>>> to use the oscap-anaconda features. Selected "security" during the >>>>> installer, and noticed a few things: >>>>> >>>>> (1) The CUI/NIST 800-171 profile has the description from OSPP: >>>>> >>>>> >>>>> (2) There are multiple RHEL7 STIG options: >>>>> >>>>> >>>>> I'm not sure how/why this is happening. >>>>> >>>>> The 800-171 profile does extend OSPP. Do we need a "extends" for >>>>> the profile description field? >>>>> https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/nist-800-171-cui.xml >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> scap-security-guide mailing list -- >>>>> [email protected] >>>>> To unsubscribe send an email to >>>>> [email protected] >>>>> >>>> Hey Shawn, >>>> ad (2) this is known issue >>>> https://bugzilla.redhat.com/show_bug.cgi?id=1437106 >>>> >>>> For (1) that description is the same that SCAP Workbench displays, >>>> and oscap generates from the guides (as can be seen >>>> http://static.open-scap.org/ssg-guides/ssg-rhel7-guide-index.html). >>>> Extend concatenates description of extended profile and the >>>> extending one. Is it a bug? >>> This is not a bug. >>> To replace extended description, extending description element >>> should have attribute override="true", like the title element has. >> Well, this is a bug if description of CUI/NIST 800-171 is not >> expected to be appended to description of OSPP Profile. > > IMHO it comes down to the profiles not including "override=true" in > the profile descriptions. > > Never knew they were needed. How come we didn't have this problem in > earlier editions of oscap-anaconda? The profiles don't seem to have > override=true in the description field, but in prior RHEL releases > things were OK.
PR submitted: https://github.com/OpenSCAP/scap-security-guide/pull/2203
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
