Hello Miguel, remediations, as they are stored in the DataStream are prepared to be used within the environment provided by the `oscap` utility. (I.e. so `--remediate` works). So no, it's not supposed to be self contained in that particular form.
What you are looking for is probably `oscap xccdf generate fix`. That one will process the snippets and produces self-contained bash script. So no issue - works as intended. ;) Regards, Marek On Mon, Dec 16, 2019 at 11:44 AM Kuko Armas <[email protected]> wrote: > > I've been playing with remediation code, and I've seen that remediation > code for many checks fails due to undefined functions as "populate" (to > populate defined variables) and "fix_audit_syscall_rule" (for audit checks) > > I've seen that both functions (and many more) are defined inside the > datasource, in group > xccdf_org.ssgproject.content_group_remediation_functions > > Since I'm a complete newbie in openSCAP, I'm not sure how it should work: > > > - Is remediation code supposed to be selt-contained in the data > source? Or does it depend on the host having the security-guide package > installed ir order to have that functions code? > - If it's self contained, how and where are the functions code file > extracted and read by remediation code? > - If it's extracted, is there an option to keep the temp files > around to take a look? > - Maybe I need a more recent openscap version? (I'm using > 1.2.17-4.el7 in centos7) > - Should I file an issue on ComplianceAsCode GitHub repo? or am I > doing something wrong? > > > Thanks a lot! > -- > Miguel Armas > CanaryTek Consultoria y Sistemas SL > http://www.canarytek.com/ > > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
