On Tue, Sep 17, 2019 at 1:50 PM Sanders, Robert <[email protected]> wrote:
> Hello all, > > Is there any way to load a set of customizations into scap-workbench, > make some additional tweaks, and then output *only* the customizations > themselves (old + new changes)? Everytime I’ve tried to do this I wind up > with effectively the entire profile with my customizations overriding the > original profile settings. To get around this I have my ‘gold’ > customization file, and then for anything other than a trivial modification > I create a branch new customization and manualy cut/paste my customization > back into my gold file. Painful. > I think that the only way is to use a tailoring profile to keep what is in the original set. > And next - I’d posted a year or so ago in the ‘open-scap’ mailing list > asking if there was a reliable/good way to compare baselines (example - C2S > vs stig-rhel7-disa, or a tailoring file against the reference). Seems to > be to be a glaring missing feature. I started to write a comparison tool > for my own use and have a very clunky python script to do it. I’d planned > (and received permission from management) to release that back to the > community (under the BSD 3-clause to match scap-security-guide) but got > very side-tracked at work. Had to revisit it and realized just how clunky > it is. Unless there is an accepted way to do this I’ll try to find time to > clean it up and post i. > There is a ticket https://github.com/OpenSCAP/openscap/issues/1302 to add this feature into OpenSCAP, but there hasn't been much traction on it unfortunately. Of course, contributions are always welcome! > -Rob > > > > -- > > *ROBERT SANDERS* > > Sr. Secure Systems Engineer > > > > *FORCEPOINT* > > T +1.703.896.4762 > > F +1.703.318.5041 > > www.forcepoint.com > > > > *FORWARD WITHOUT FEAR* > > > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
