On 15/11/17 13:15, Olivier BONHOMME wrote:
Dear OpenScap community,
I'm currently working for my company on checking the RHEL 7 SSG profile (0.1.36
version) coverage against STIG 1.3 release.
While browsing the 0.1.36 release, I discovered the stig-overlays.xml which
shows the matching between SSG rule and STIG rule.
Can anybody confirm that I can use that file in order to check the coverage
rate of the SSG profile ?
Hello, Olivier.
I'd say yes, as the stig_overlay maps Rules in STIG to Rules in SSG.
Rules that don't map to any Rule in SSG will have ruleid="XXXX".
Last time stig_overlay.xml was updated in upstream was around 8 months
ago, so the version there probably isn't STIG 1.3. And unfortunately I
couldn't find to witch version it corresponds.
To generate an updated stig_overlays.xml file, please refer to our
Developer Guide [1].
[1]
https://github.com/OpenSCAP/scap-security-guide/blob/master/docs/manual/developer_guide.adoc#stig-overlay-content
--
Watson Sato
Security Technologies | Red Hat, Inc
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
