To be specific, 

1st goal   - Build oval content
2nd goal  - Build remediation content
3rd goal   - Merge with existing xccdf and create source ds
______________________________________
From: Pravin Goyal <[email protected]>
Sent: Thursday, March 31, 2016 9:06 AM
To: [email protected]
Subject: Re: [Open-scap] OVAL content authoring tool

Team,
I need help. I need to setup a new platform say "SLES 11" in 
"scap-security-guide" project. What are the steps to be done? Where do I start?

I see that the community has already done a lot of automation work in churning 
out SCAP DS with xccdf, oval and remediation.

Please help.

Thanks and regards,
Pravin Goyal

________________________________________
From: Martin Preisler <[email protected]>
Sent: Wednesday, March 30, 2016 8:18 PM
To: Pravin Goyal
Subject: Re: [Open-scap] OVAL content authoring tool

----- Original Message -----
> From: "Pravin Goyal" <[email protected]>
> To: "Martin Preisler" <[email protected]>
> Sent: Wednesday, March 30, 2016 12:24:14 AM
> Subject: Re: [Open-scap] OVAL content authoring tool
>
> One thing that I can promise is to contribute OVAL checks that you can
> include in SSG. I am targeting to develop OVAL rules for SLES 11 SP3 OS. So,
> there would be a lot of common stuff.

Please send your questions to the public mailing list. That way more people
benefit from the reply. Thanks for understanding.


> Trying to understand how to work with these transforms.
> ________________________________________
> From: Pravin Goyal <[email protected]>
> Sent: Wednesday, March 30, 2016 9:14 AM
> To: Martin Preisler
> Subject: Re: [Open-scap] OVAL content authoring tool
>
> Hi Martin,
> I could see the scripts in Github. Is there a documented way to use it?
>
> Basically, I am looking to just do OVAL content at this point of time and
> later merge with XCCDF document when I have it.
>
> Thanks and regards,
> Pravin Goyal
> ________________________________________
> From: Pravin Goyal <[email protected]>
> Sent: Wednesday, March 30, 2016 4:16 AM
> To: Martin Preisler
> Subject: Re: [Open-scap] OVAL content authoring tool
>
> Thanks Martin for the quick response.
>
> >  I recommend looking at how SSG is built,
> > how we use templates to generate the boilerplate.
>
> Do you have this documented somewhere? Can you please share the link?
>
> > I recommend leveraging this community. I don't know if the project you will
> > be working on is an open source project but if so we will be able (and
> > happy)
> > to help you review the patches and work on the project.
>
> Thanks for extending the help. As of now, the OVAL content creation is tied
> very much to an internal product. STIG development for the product is in
> progress. We are just starting.
> ________________________________________
> From: Martin Preisler <[email protected]>
> Sent: Tuesday, March 29, 2016 9:48 PM
> To: Pravin Goyal
> Cc: [email protected]
> Subject: Re: [Open-scap] OVAL content authoring tool
>
> ----- Original Message -----
> > From: "Pravin Goyal" <[email protected]>
> > To: [email protected]
> > Sent: Tuesday, March 29, 2016 1:32:53 AM
> > Subject: [Open-scap] OVAL content authoring tool
> >
> > Hi Team,
> > I am sure this is a FAQ. Do you know of a well-maintained content authoring
> > tool?
>
> We have tried several times to come up with some fancy GUI tool to help with
> the development but never succeeded. The GUI tool ends up having too many
> options or it's not powerful enough. I recommend looking at how SSG is built,
> how we use templates to generate the boilerplate.
>
> The tools I suggest are git, a text editor and SSG build scripts.
>
> > I am aware of
> > https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL/6/transforms
> > that we use to develop SSG content.
> >
> > Is this still valid -
> > http://blog-shawndwells.rhcloud.com/wp-content/uploads/2013/07/SCAP-Workshop-Coursebook-v2.pdf
> > ?
>
> Looks like it is except for the repository URIs. Change them to github URIs
> and this will work.
>
> > Do you have any other suggestions in this regard? I am beginning a project
> > that would require the development of some 500+ OVAL rules. So, I am just
> > ensuring that I can make the best use of tools or processes already known
> > to
> > the community.
>
> I recommend leveraging this community. I don't know if the project you will
> be working on is an open source project but if so we will be able (and happy)
> to help you review the patches and work on the project.
>
> --
> Martin Preisler
> Identity Management and Platform Security | Red Hat, Inc.
>

--
Martin Preisler
Identity Management and Platform Security | Red Hat, Inc.

_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to