Hi, We have a tool in upstream in https://github.com/ComplianceAsCode/content/blob/master/utils/compare_ds.py that can compare 2 datastreams. It can compare: - Contents of Bash and Ansible remediations - OVAL <definition> and <criteria> elements Extending this tool to compare also profiles feels like a natural step.
Regards On Tue, Oct 8, 2019 at 8:16 PM Sanders, Robert <[email protected]> wrote: > > Gabe, > > Sorry to be late with a thank you, been very busy on the day job. > > The ability to make serial edits to tailoring file seems like a very useful > thing to have, although to be honest a real working diff would be much more > useful to me. > > I’d been cleared to release what I have as a comparison tool, but in the > time since I wrote it *something* changed, and I need to find some time to > rework it. It is some of the ugliest XML parsing python I’ve ever written, > and had the about the sole redeeming feature of ‘it more or less worked’. I > does kinda hit some of the points that were mentioned in the github issue. > Now to just find free time….. > > > > -Rob > > > > -- > > ROBERT SANDERS > > Sr. Secure Systems Engineer > > > > FORCEPOINT > > T +1.703.896.4762 > > F +1.703.318.5041 > > www.forcepoint.com > > > > FORWARD WITHOUT FEAR > > > > > > From: Gabe Alford <[email protected]> > Reply-To: SCAP Security Guide <[email protected]> > Date: Thursday, October 3, 2019 at 6:29 PM > To: SCAP Security Guide <[email protected]> > Subject: EXTERNAL: Re: Scan-workbench - modifying customizations, and > comparing profiles > > > > > > > > On Tue, Sep 17, 2019 at 1:50 PM Sanders, Robert <[email protected]> > wrote: > > Hello all, > > Is there any way to load a set of customizations into scap-workbench, make > some additional tweaks, and then output *only* the customizations themselves > (old + new changes)? Everytime I’ve tried to do this I wind up with > effectively the entire profile with my customizations overriding the original > profile settings. To get around this I have my ‘gold’ customization file, > and then for anything other than a trivial modification I create a branch new > customization and manualy cut/paste my customization back into my gold file. > Painful. > > > > I think that the only way is to use a tailoring profile to keep what is in > the original set. > > > > And next - I’d posted a year or so ago in the ‘open-scap’ mailing list > asking if there was a reliable/good way to compare baselines (example - C2S > vs stig-rhel7-disa, or a tailoring file against the reference). Seems to be > to be a glaring missing feature. I started to write a comparison tool for my > own use and have a very clunky python script to do it. I’d planned (and > received permission from management) to release that back to the community > (under the BSD 3-clause to match scap-security-guide) but got very > side-tracked at work. Had to revisit it and realized just how clunky it is. > Unless there is an accepted way to do this I’ll try to find time to clean it > up and post i. > > > > There is a ticket https://github.com/OpenSCAP/openscap/issues/1302 to add > this feature into OpenSCAP, but there hasn't been much traction on it > unfortunately. Of course, contributions are always welcome! > > > > -Rob > > > > -- > > ROBERT SANDERS > > Sr. Secure Systems Engineer > > > > FORCEPOINT > > T +1.703.896.4762 > > F +1.703.318.5041 > > www.forcepoint.com > > > > FORWARD WITHOUT FEAR > > > > _______________________________________________ > scap-security-guide mailing list -- [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > > _______________________________________________ > scap-security-guide mailing list -- [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] -- Jan Černý Security Technologies | Red Hat, Inc. _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
