Gabe, Sorry to be late with a thank you, been very busy on the day job. The ability to make serial edits to tailoring file seems like a very useful thing to have, although to be honest a real working diff would be much more useful to me. I’d been cleared to release what I have as a comparison tool, but in the time since I wrote it *something* changed, and I need to find some time to rework it. It is some of the ugliest XML parsing python I’ve ever written, and had the about the sole redeeming feature of ‘it more or less worked’. I does kinda hit some of the points that were mentioned in the github issue. Now to just find free time…..
-Rob -- ROBERT SANDERS Sr. Secure Systems Engineer FORCEPOINT T +1.703.896.4762 F +1.703.318.5041 www.forcepoint.com FORWARD WITHOUT FEAR From: Gabe Alford <[email protected]> Reply-To: SCAP Security Guide <[email protected]> Date: Thursday, October 3, 2019 at 6:29 PM To: SCAP Security Guide <[email protected]> Subject: EXTERNAL: Re: Scan-workbench - modifying customizations, and comparing profiles On Tue, Sep 17, 2019 at 1:50 PM Sanders, Robert <[email protected]<mailto:[email protected]>> wrote: Hello all, Is there any way to load a set of customizations into scap-workbench, make some additional tweaks, and then output *only* the customizations themselves (old + new changes)? Everytime I’ve tried to do this I wind up with effectively the entire profile with my customizations overriding the original profile settings. To get around this I have my ‘gold’ customization file, and then for anything other than a trivial modification I create a branch new customization and manualy cut/paste my customization back into my gold file. Painful. I think that the only way is to use a tailoring profile to keep what is in the original set. And next - I’d posted a year or so ago in the ‘open-scap’ mailing list asking if there was a reliable/good way to compare baselines (example - C2S vs stig-rhel7-disa, or a tailoring file against the reference). Seems to be to be a glaring missing feature. I started to write a comparison tool for my own use and have a very clunky python script to do it. I’d planned (and received permission from management) to release that back to the community (under the BSD 3-clause to match scap-security-guide) but got very side-tracked at work. Had to revisit it and realized just how clunky it is. Unless there is an accepted way to do this I’ll try to find time to clean it up and post i. There is a ticket https://github.com/OpenSCAP/openscap/issues/1302 to add this feature into OpenSCAP, but there hasn't been much traction on it unfortunately. Of course, contributions are always welcome! -Rob -- ROBERT SANDERS Sr. Secure Systems Engineer FORCEPOINT T +1.703.896.4762 F +1.703.318.5041 www.forcepoint.com<http://www.forcepoint.com> FORWARD WITHOUT FEAR _______________________________________________ scap-security-guide mailing list -- [email protected]<mailto:[email protected]> To unsubscribe send an email to [email protected]<mailto:[email protected]> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
