Re: [Open-scap] OpenSCAP 1.3.0
I installed OpenSCAP using the pre-built installer found here: https://github.com/OpenSCAP/openscap/releases OpenSCAP-1.3.0-win32.msi To scan a benchmark, I had to extract the xml file from the benchmark zip. For example, in the Windows 10 SCAP content, I extracted the file “U_Windows_10_V1R12_STIG_SCAP_1-2_Benchmark.xml”. Then to run the scan, I scanned using the following command line: oscap xccdf eval --results Windows_10_Results.xml --report Windows_10_Report.html U_Windows_10_V1R12_STIG_SCAP_1-2_Benchmark.xml The Windows_10_Results.xml file that is generated can then be used to import into a STIG checklist. Best regards, Trey Henefield, CISSP Senior IAVA Engineer Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA trey.henefi...@ultra-ats.com<mailto:trey.henefi...@ultra-ats.com> Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450 From: Ruben Oliva Sent: Friday, October 12, 2018 5:58 PM To: Trey Henefield ; sh...@redhat.com; open-scap-list@redhat.com Subject: Re: [Open-scap] OpenSCAP 1.3.0 Trey: You got me curious about this. How did you do it? David Oliva -Original Message- From: Trey Henefield mailto:trey.henefi...@ultra-ats.com>> To: Shawn Wells mailto:sh...@redhat.com>>; open-scap-list mailto:open-scap-list@redhat.com>> Sent: Tue, Oct 9, 2018 12:08 pm Subject: Re: [Open-scap] OpenSCAP 1.3.0 For what its worth, I was able to perform scans on Windows with OpenSCAP 1.3.0 using the following DISA STIG benchmarks: Google Chrome Adobe Acrobat DC Windows Defender Windows Firewall Windows 10 All of the scans work. However, Windows 10 results were a bit off. Allot of unknowns and false positives. This could be an issue with the benchmark, however it works fine in SCAP Compliance Checker. All others were spot on. I was also able to import my results from the scan into the STIG Viewer to populate the results into a checklist. Excellent work! Best regards, Trey Henefield, CISSP Senior IAVA Engineer Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA trey.henefi...@ultra-ats.com<mailto:trey.henefi...@ultra-ats.com> Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450 -Original Message- From: open-scap-list-boun...@redhat.com<mailto:open-scap-list-boun...@redhat.com> mailto:boun...@redhat.com>> On Behalf Of Shawn Wells Sent: Tuesday, October 9, 2018 10:53 AM To: open-scap-list@redhat.com<mailto:open-scap-list@redhat.com> Subject: Re: [Open-scap] OpenSCAP 1.3.0 On 10/9/18 7:38 AM, Jan Cerny wrote: > Hello OpenSCAPers, > > We are thrilled to announce general availability of OpenSCAP 1.3.0 release. > > This is the first release from maint-1.3 maintenance branch. API/ABI > is not compatible with 1.2.x releases. API/ABI is not compatible with > 1.3.0_alpha releases. > > Changes from 1.3.0_alpha2: > - New features > - Introduced a virtual '(all)' profile selecting all rules > - Verbose mode is a global option in all modules > - Added Microsoft Windows CPEs > - oscap-ssh can supply SSH options into an environment variable > - Maintenance > - Removed SEXP parser > - Added Fedora 30 CPE > - Fixed many Coverity defects (memory leaks etc.) > - SCE builds are enabled by default > - Moved many low-level functions out of public API > - Removed unused and dead code > - Updated manual pages > - Numerous small fixes > > Key differences from 1.2.x series: > - Basic Microsoft Windows support > - Removed deprecated command line interfaces > - Removed deprecated API symbols > - Probes are not separate processes anymore > - CMake used as build system > - CTest used as a test framework > > Download: > https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz<https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz> > > SHA512: > 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf1272 > 30523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 > > Audit, Fix, And Be Merry! Thanks Jan! How far along is Windows support? Saw the mention of 'basic' -- but how should OpenSCAP on Windows be positioned? For example: - How many Windows probes are implemented? - Does OpenSCAP on Windows pass the NIST automated tooling? - Where can we send people who want to find out more? ___ Open-scap-list mailing list Open-scap-list@redhat.com<mailto:Open-scap-list@redhat.com> https://www.redhat.com/mailman/listinfo/open-scap-list<https://www.redhat.com/mailman/listinfo/open-scap-list> Disclaimer The information contained in this communication from trey.henefi...@ultra-ats.com<mailto:trey.hen
Re: [Open-scap] OpenSCAP 1.3.0
Trey: You got me curious about this. How did you do it? David Oliva -Original Message- From: Trey Henefield To: Shawn Wells ; open-scap-list Sent: Tue, Oct 9, 2018 12:08 pm Subject: Re: [Open-scap] OpenSCAP 1.3.0 For what its worth, I was able to perform scans on Windows with OpenSCAP 1.3.0 using the following DISA STIG benchmarks: Google Chrome Adobe Acrobat DC Windows Defender Windows Firewall Windows 10 All of the scans work. However, Windows 10 results were a bit off. Allot of unknowns and false positives. This could be an issue with the benchmark, however it works fine in SCAP Compliance Checker. All others were spot on. I was also able to import my results from the scan into the STIG Viewer to populate the results into a checklist. Excellent work! Best regards, Trey Henefield, CISSP Senior IAVA Engineer Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA trey.henefi...@ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450 -Original Message- From: open-scap-list-boun...@redhat.com On Behalf Of Shawn Wells Sent: Tuesday, October 9, 2018 10:53 AM To: open-scap-list@redhat.com Subject: Re: [Open-scap] OpenSCAP 1.3.0 On 10/9/18 7:38 AM, Jan Cerny wrote: > Hello OpenSCAPers, > > We are thrilled to announce general availability of OpenSCAP 1.3.0 release. > > This is the first release from maint-1.3 maintenance branch. API/ABI > is not compatible with 1.2.x releases. API/ABI is not compatible with > 1.3.0_alpha releases. > > Changes from 1.3.0_alpha2: >- New features > - Introduced a virtual '(all)' profile selecting all rules > - Verbose mode is a global option in all modules > - Added Microsoft Windows CPEs > - oscap-ssh can supply SSH options into an environment variable >- Maintenance > - Removed SEXP parser > - Added Fedora 30 CPE > - Fixed many Coverity defects (memory leaks etc.) > - SCE builds are enabled by default > - Moved many low-level functions out of public API > - Removed unused and dead code > - Updated manual pages > - Numerous small fixes > > Key differences from 1.2.x series: > - Basic Microsoft Windows support > - Removed deprecated command line interfaces > - Removed deprecated API symbols > - Probes are not separate processes anymore > - CMake used as build system > - CTest used as a test framework > > Download: > https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz > > SHA512: > 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf1272 > 30523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 > > Audit, Fix, And Be Merry! Thanks Jan! How far along is Windows support? Saw the mention of 'basic' -- but how should OpenSCAP on Windows be positioned? For example: - How many Windows probes are implemented? - Does OpenSCAP on Windows pass the NIST automated tooling? - Where can we send people who want to find out more? ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list Disclaimer The information contained in this communication from trey.henefi...@ultra-ats.com sent at 2018-10-09 12:08:47 is private and may be legally privileged or export controlled. It is intended solely for use by open-scap-list@redhat.com and others authorized to receive it. If you are not open-scap-list@redhat.com you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful. ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] OpenSCAP 1.3.0
Just out of curiousity, is there any remediation support in Windows yet, and if so, what type of shell will it support (cmd or powershell)? I may look at creating some SSG content for Windows. Thanks! Best regards, Trey Henefield, CISSP Senior IAVA Engineer Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA trey.henefi...@ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450 -Original Message- From: open-scap-list-boun...@redhat.com On Behalf Of Jan Cerny Sent: Wednesday, October 10, 2018 4:02 AM To: Shawn Wells Cc: open-scap-list@redhat.com Subject: Re: [Open-scap] OpenSCAP 1.3.0 Hi, OpenSCAP support for Windows hasn't been improved much since the 1.3.0_alpha1 releases. The only thing that we have done recently is that we added Windows CPEs to the inbuilt CPE dictionary. > How far along is Windows support? Saw the mention of 'basic' -- but > how should OpenSCAP on Windows be positioned? OpenSCAP 1.3.0 can be compiled and installed on Windows, it runs, it produces "some" results. But it's very bad. > - How many Windows probes are implemented? OpenSCAP 1.3.0 for Windows has the following 4 probes: * system_info * registry * wmi57 * accesstoken > - Does OpenSCAP on Windows pass the NIST automated tooling? Nobody tried that. I expect that it doesn't pass. > - Where can we send people who want to find out more? For people that would like to contribute code I would point them to developer's manual where they can find how to build it on Windows. https://github.com/OpenSCAP/openscap/blob/master/docs/developer/developer.adoc For normal users we don't have anything. I think we definitely should mention that it exists on http://www.open-scap.org. The problem with OpenSCAP for Windows is that nobody is working on that now, and it is not tested at all. Also, it is not supported by Red Hat in any way. I'm sorry if the release announcement email caused a confusion. I mentioned the Windows support under "Key differences from 1.2.x series" because the 1.3.0_alpha1 and 1.3.0_alpha2 releases were intended as pre-releases. I supposed most people didn't follow their changelog. I wanted to point out there at least the main differences of 1.3.0 for users of 1.2.x releases. However, as usually, the full changelog is located at: https://github.com/OpenSCAP/openscap/blob/master/NEWS Regards Jan Černý Security Technologies | Red Hat, Inc. - Original Message - > From: "Shawn Wells" > To: open-scap-list@redhat.com > Sent: Tuesday, October 9, 2018 5:53:08 PM > Subject: Re: [Open-scap] OpenSCAP 1.3.0 > > > > On 10/9/18 7:38 AM, Jan Cerny wrote: > > Hello OpenSCAPers, > > > > We are thrilled to announce general availability of OpenSCAP 1.3.0 release. > > > > This is the first release from maint-1.3 maintenance branch. API/ABI > > is not compatible with 1.2.x releases. API/ABI is not compatible > > with 1.3.0_alpha releases. > > > > Changes from 1.3.0_alpha2: > >- New features > > - Introduced a virtual '(all)' profile selecting all rules > > - Verbose mode is a global option in all modules > > - Added Microsoft Windows CPEs > > - oscap-ssh can supply SSH options into an environment variable > >- Maintenance > > - Removed SEXP parser > > - Added Fedora 30 CPE > > - Fixed many Coverity defects (memory leaks etc.) > > - SCE builds are enabled by default > > - Moved many low-level functions out of public API > > - Removed unused and dead code > > - Updated manual pages > > - Numerous small fixes > > > > Key differences from 1.2.x series: > > - Basic Microsoft Windows support > > - Removed deprecated command line interfaces > > - Removed deprecated API symbols > > - Probes are not separate processes anymore > > - CMake used as build system > > - CTest used as a test framework > > > > Download: > > https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz > > > > SHA512: > > 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf12 > > 7230523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 > > > > Audit, Fix, And Be Merry! > > Thanks Jan! > > How far along is Windows support? Saw the mention of 'basic' -- but > how should OpenSCAP on Windows be positioned? > > For example: > - How many Windows probes are implemented? > - Does OpenSCAP on Windows pass the NIST automated tooling? > - Where can we send people who want to find out more? > > __
Re: [Open-scap] OpenSCAP 1.3.0
Hi Shawn. Hope things are going well with you. I notice the changes that add Windows CPEs and Windows support. Are you planning to create a Windows-version of OpenSCAP? David Oliva -Original Message- From: Shawn Wells To: open-scap-list Sent: Tue, Oct 9, 2018 11:56 am Subject: Re: [Open-scap] OpenSCAP 1.3.0 On 10/9/18 7:38 AM, Jan Cerny wrote: > Hello OpenSCAPers, > > We are thrilled to announce general availability of OpenSCAP 1.3.0 release. > > This is the first release from maint-1.3 maintenance branch. API/ABI is not > compatible with 1.2.x releases. API/ABI is not compatible with 1.3.0_alpha > releases. > > Changes from 1.3.0_alpha2: >- New features > - Introduced a virtual '(all)' profile selecting all rules > - Verbose mode is a global option in all modules > - Added Microsoft Windows CPEs > - oscap-ssh can supply SSH options into an environment variable >- Maintenance > - Removed SEXP parser > - Added Fedora 30 CPE > - Fixed many Coverity defects (memory leaks etc.) > - SCE builds are enabled by default > - Moved many low-level functions out of public API > - Removed unused and dead code > - Updated manual pages > - Numerous small fixes > > Key differences from 1.2.x series: > - Basic Microsoft Windows support > - Removed deprecated command line interfaces > - Removed deprecated API symbols > - Probes are not separate processes anymore > - CMake used as build system > - CTest used as a test framework > > Download: > https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz > > SHA512: > 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf127230523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 > > Audit, Fix, And Be Merry! Thanks Jan! How far along is Windows support? Saw the mention of 'basic' -- but how should OpenSCAP on Windows be positioned? For example: - How many Windows probes are implemented? - Does OpenSCAP on Windows pass the NIST automated tooling? - Where can we send people who want to find out more? ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] OpenSCAP 1.3.0
On 10/10/18 5:01 AM, Jan Cerny wrote: Hi, OpenSCAP support for Windows hasn't been improved much since the 1.3.0_alpha1 releases. The only thing that we have done recently is that we added Windows CPEs to the inbuilt CPE dictionary. How far along is Windows support? Saw the mention of 'basic' -- but how should OpenSCAP on Windows be positioned? OpenSCAP 1.3.0 can be compiled and installed on Windows, it runs, it produces "some" results. But it's very bad. - How many Windows probes are implemented? OpenSCAP 1.3.0 for Windows has the following 4 probes: * system_info * registry * wmi57 * accesstoken - Does OpenSCAP on Windows pass the NIST automated tooling? Nobody tried that. I expect that it doesn't pass. - Where can we send people who want to find out more? For people that would like to contribute code I would point them to developer's manual where they can find how to build it on Windows. https://github.com/OpenSCAP/openscap/blob/master/docs/developer/developer.adoc For normal users we don't have anything. I think we definitely should mention that it exists onwww.open-scap.org. The problem with OpenSCAP for Windows is that nobody is working on that now, and it is not tested at all. Also, it is not supported by Red Hat in any way. Understand the Windows support is community driven. IIRC, wasn't there someone building a master thesis about this work? Has that been completed? I'm sorry if the release announcement email caused a confusion. I mentioned the Windows support under "Key differences from 1.2.x series" because the 1.3.0_alpha1 and 1.3.0_alpha2 releases were intended as pre-releases. I supposed most people didn't follow their changelog. I wanted to point out there at least the main differences of 1.3.0 for users of 1.2.x releases. However, as usually, the full changelog is located at: https://github.com/OpenSCAP/openscap/blob/master/NEWS Nah, wouldn't say confusion. Wasn't sure of the broader Windows support so figured I'd just ask! ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] OpenSCAP 1.3.0
Hi, OpenSCAP support for Windows hasn't been improved much since the 1.3.0_alpha1 releases. The only thing that we have done recently is that we added Windows CPEs to the inbuilt CPE dictionary. > How far along is Windows support? Saw the mention of 'basic' -- but how > should OpenSCAP on Windows be positioned? OpenSCAP 1.3.0 can be compiled and installed on Windows, it runs, it produces "some" results. But it's very bad. > - How many Windows probes are implemented? OpenSCAP 1.3.0 for Windows has the following 4 probes: * system_info * registry * wmi57 * accesstoken > - Does OpenSCAP on Windows pass the NIST automated tooling? Nobody tried that. I expect that it doesn't pass. > - Where can we send people who want to find out more? For people that would like to contribute code I would point them to developer's manual where they can find how to build it on Windows. https://github.com/OpenSCAP/openscap/blob/master/docs/developer/developer.adoc For normal users we don't have anything. I think we definitely should mention that it exists on www.open-scap.org. The problem with OpenSCAP for Windows is that nobody is working on that now, and it is not tested at all. Also, it is not supported by Red Hat in any way. I'm sorry if the release announcement email caused a confusion. I mentioned the Windows support under "Key differences from 1.2.x series" because the 1.3.0_alpha1 and 1.3.0_alpha2 releases were intended as pre-releases. I supposed most people didn't follow their changelog. I wanted to point out there at least the main differences of 1.3.0 for users of 1.2.x releases. However, as usually, the full changelog is located at: https://github.com/OpenSCAP/openscap/blob/master/NEWS Regards Jan Černý Security Technologies | Red Hat, Inc. - Original Message - > From: "Shawn Wells" > To: open-scap-list@redhat.com > Sent: Tuesday, October 9, 2018 5:53:08 PM > Subject: Re: [Open-scap] OpenSCAP 1.3.0 > > > > On 10/9/18 7:38 AM, Jan Cerny wrote: > > Hello OpenSCAPers, > > > > We are thrilled to announce general availability of OpenSCAP 1.3.0 release. > > > > This is the first release from maint-1.3 maintenance branch. API/ABI is not > > compatible with 1.2.x releases. API/ABI is not compatible with 1.3.0_alpha > > releases. > > > > Changes from 1.3.0_alpha2: > >- New features > > - Introduced a virtual '(all)' profile selecting all rules > > - Verbose mode is a global option in all modules > > - Added Microsoft Windows CPEs > > - oscap-ssh can supply SSH options into an environment variable > >- Maintenance > > - Removed SEXP parser > > - Added Fedora 30 CPE > > - Fixed many Coverity defects (memory leaks etc.) > > - SCE builds are enabled by default > > - Moved many low-level functions out of public API > > - Removed unused and dead code > > - Updated manual pages > > - Numerous small fixes > > > > Key differences from 1.2.x series: > > - Basic Microsoft Windows support > > - Removed deprecated command line interfaces > > - Removed deprecated API symbols > > - Probes are not separate processes anymore > > - CMake used as build system > > - CTest used as a test framework > > > > Download: > > https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz > > > > SHA512: > > 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf127230523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 > > > > Audit, Fix, And Be Merry! > > Thanks Jan! > > How far along is Windows support? Saw the mention of 'basic' -- but how > should OpenSCAP on Windows be positioned? > > For example: > - How many Windows probes are implemented? > - Does OpenSCAP on Windows pass the NIST automated tooling? > - Where can we send people who want to find out more? > > ___ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list > ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] OpenSCAP 1.3.0
For what its worth, I was able to perform scans on Windows with OpenSCAP 1.3.0 using the following DISA STIG benchmarks: Google Chrome Adobe Acrobat DC Windows Defender Windows Firewall Windows 10 All of the scans work. However, Windows 10 results were a bit off. Allot of unknowns and false positives. This could be an issue with the benchmark, however it works fine in SCAP Compliance Checker. All others were spot on. I was also able to import my results from the scan into the STIG Viewer to populate the results into a checklist. Excellent work! Best regards, Trey Henefield, CISSP Senior IAVA Engineer Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA trey.henefi...@ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450 -Original Message- From: open-scap-list-boun...@redhat.com On Behalf Of Shawn Wells Sent: Tuesday, October 9, 2018 10:53 AM To: open-scap-list@redhat.com Subject: Re: [Open-scap] OpenSCAP 1.3.0 On 10/9/18 7:38 AM, Jan Cerny wrote: > Hello OpenSCAPers, > > We are thrilled to announce general availability of OpenSCAP 1.3.0 release. > > This is the first release from maint-1.3 maintenance branch. API/ABI > is not compatible with 1.2.x releases. API/ABI is not compatible with > 1.3.0_alpha releases. > > Changes from 1.3.0_alpha2: >- New features > - Introduced a virtual '(all)' profile selecting all rules > - Verbose mode is a global option in all modules > - Added Microsoft Windows CPEs > - oscap-ssh can supply SSH options into an environment variable >- Maintenance > - Removed SEXP parser > - Added Fedora 30 CPE > - Fixed many Coverity defects (memory leaks etc.) > - SCE builds are enabled by default > - Moved many low-level functions out of public API > - Removed unused and dead code > - Updated manual pages > - Numerous small fixes > > Key differences from 1.2.x series: > - Basic Microsoft Windows support > - Removed deprecated command line interfaces > - Removed deprecated API symbols > - Probes are not separate processes anymore > - CMake used as build system > - CTest used as a test framework > > Download: > https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz > > SHA512: > 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf1272 > 30523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 > > Audit, Fix, And Be Merry! Thanks Jan! How far along is Windows support? Saw the mention of 'basic' -- but how should OpenSCAP on Windows be positioned? For example: - How many Windows probes are implemented? - Does OpenSCAP on Windows pass the NIST automated tooling? - Where can we send people who want to find out more? ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list Disclaimer The information contained in this communication from trey.henefi...@ultra-ats.com sent at 2018-10-09 12:08:47 is confidential and may be legally privileged. It is intended solely for use by open-scap-list@redhat.com and others authorized to receive it. If you are not open-scap-list@redhat.com you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful. ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] OpenSCAP 1.3.0
On 10/9/18 7:38 AM, Jan Cerny wrote: Hello OpenSCAPers, We are thrilled to announce general availability of OpenSCAP 1.3.0 release. This is the first release from maint-1.3 maintenance branch. API/ABI is not compatible with 1.2.x releases. API/ABI is not compatible with 1.3.0_alpha releases. Changes from 1.3.0_alpha2: - New features - Introduced a virtual '(all)' profile selecting all rules - Verbose mode is a global option in all modules - Added Microsoft Windows CPEs - oscap-ssh can supply SSH options into an environment variable - Maintenance - Removed SEXP parser - Added Fedora 30 CPE - Fixed many Coverity defects (memory leaks etc.) - SCE builds are enabled by default - Moved many low-level functions out of public API - Removed unused and dead code - Updated manual pages - Numerous small fixes Key differences from 1.2.x series: - Basic Microsoft Windows support - Removed deprecated command line interfaces - Removed deprecated API symbols - Probes are not separate processes anymore - CMake used as build system - CTest used as a test framework Download: https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz SHA512: 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf127230523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 Audit, Fix, And Be Merry! Thanks Jan! How far along is Windows support? Saw the mention of 'basic' -- but how should OpenSCAP on Windows be positioned? For example: - How many Windows probes are implemented? - Does OpenSCAP on Windows pass the NIST automated tooling? - Where can we send people who want to find out more? ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
[Open-scap] OpenSCAP 1.3.0
Hello OpenSCAPers, We are thrilled to announce general availability of OpenSCAP 1.3.0 release. This is the first release from maint-1.3 maintenance branch. API/ABI is not compatible with 1.2.x releases. API/ABI is not compatible with 1.3.0_alpha releases. Changes from 1.3.0_alpha2: - New features - Introduced a virtual '(all)' profile selecting all rules - Verbose mode is a global option in all modules - Added Microsoft Windows CPEs - oscap-ssh can supply SSH options into an environment variable - Maintenance - Removed SEXP parser - Added Fedora 30 CPE - Fixed many Coverity defects (memory leaks etc.) - SCE builds are enabled by default - Moved many low-level functions out of public API - Removed unused and dead code - Updated manual pages - Numerous small fixes Key differences from 1.2.x series: - Basic Microsoft Windows support - Removed deprecated command line interfaces - Removed deprecated API symbols - Probes are not separate processes anymore - CMake used as build system - CTest used as a test framework Download: https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz SHA512: 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf127230523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 Audit, Fix, And Be Merry! Jan Černý Security Technologies, Red Hat, Inc. on behalf of OpenSCAP contributors ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
