Re: [Open-scap] OpenSCAP for embedded/network devices

2017-03-16 Thread Watson Yuuma Sato 

On 15/03/17 17:24, Eric Holtzclaw wrote:


You do have support for Cisco 
http://www.cisco.com/c/en/us/about/security-center/oval-security-automation.html




I see that Cisco provides OVAL content to scan their devices, and even 
provides an example of how to do so, but using joval, which can perform 
remote scanning without installation of any agent.


I still don't see how to scan Cisco devices with OpenSCAP. Am I missing 
something?


--
Watson Sato
Security Technologies | Red Hat, Inc

___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Re: [Open-scap] RHOSP system evaluation with Openscap

2017-03-16 Thread Watson Yuuma Sato 

On 14/03/17 21:50, Shri Prakash Sikariwal wrote:


Hi,


Hello,


System (Packstack newton deployed on RHEL7.3 virtual box VM) 
evaluation using policy ‘ssg-rhel-osp7-xccdf.xml’ shows 6 cases pass 
and 26 notchecked. Report is attached. This openscap security policy 
is downloaded from following link.


https://github.com/OpenSCAP/scap-security-guide/releases/download/v0.1.31/scap-security-guide-0.1.31.tar.gz

Could you please guide me to reason for ‘notchecked’ cases.


It is marked 'notchecked' because they don't have oval checks implemented.
Check this PR https://github.com/OpenSCAP/scap-security-guide/pull/913 
if you'd like more details.



Best Regards

Shri Prakash

"DISCLAIMER: This message is proprietary to Aricent and is intended 
solely for the use of the individual to whom it is addressed. It may 
contain privileged or confidential information and should not be 
circulated or used for any purpose other than for what it is intended. 
If you have received this message in error, please notify the 
originator immediately. If you are not the intended recipient, you are 
notified that you are strictly prohibited from using, copying, 
altering, or disclosing the contents of this message. Aricent accepts 
no responsibility for loss or damage arising from the use of the 
information transmitted by this email including damage from virus."



___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list


Regards,

--
Watson Sato
Security Technologies | Red Hat, Inc

___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

[Open-scap] customizing remediation

2017-03-16 Thread Greg Silverman (CS) 
I am missing something when it comes to generating a customized fix script.


1.  In SCAP Workbench I deselect rules I do not want.

2.  I save the customization file.

3.  When I scan with the customization file, it still reports evaluation 
results on *some* of the rules I deselected.

4.  When I create the remediation script, with  oscap xccdf generate fix, 
it generates a fix for the rules mentioned in 3.

This is the command I run

oscap xccdf generate fix --template urn:xccdf:fix:script:sh --profile 
xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream --output 
my-remediation-script.sh 
/usr/share/xml/scap/ssg/content/ssg-rhel7-ds-tailoring.xml

i.e., using the tailored xccdf file.

What am I missing?

Thanks,

Greg Silverman
Veritas Technologies
___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list