.ckl files are the manual checklists that are used to import the automated XCCDF content. For example on RHEL6 you import the XCCDF content from the scan and then you have 85 manual controls to review. You use the Java STIG viewer (JavaFX required) as the GUI to provide comments and choose from a drop down menu (open, not a finding, not applicable) for each manual control. The auditors typcially request results from each host in .ckl format I believe because it shows you've done the manual review as opposed to providing an SCC or openscap HTML report which would only cover the automated checks.
btw, those 85 manual RHEL6 controls could be automated. Most are run this command if it produces results its a finding. A few require interpretation but most seem like they could be automated. Lee ________________________________ From: Shawn Wells <sh...@redhat.com> Sent: Thursday, November 29, 2018 1:14 PM To: scap-security-guide@lists.fedorahosted.org Subject: Re: alternatives to STIG Viewer once Oracle JDK 8 / JavaFX 8 is EOL in January 2019? On 11/28/18 12:51 PM, Trevor Vaughan wrote: > Heh, no offense taken. I just needed to turn the little lights green > with a .ckl file...and I did :-D What are the .ckl files imported into? How are they used? For example if OpenSCAP or Satellite could evaluate a system and output a properly formatted .ckl file... would that provide value? What happens with .ckl files? _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html [https://getfedora.org/static/images/fedora.png]<https://getfedora.org/code-of-conduct.html> Fedora Code of Conduct<https://getfedora.org/code-of-conduct.html> getfedora.org Choose Freedom. Choose Fedora. Pick a flavor of Fedora streamlined for your needs, and get to work right away. List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
_______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
