To be specific, 1st goal - Build oval content 2nd goal - Build remediation content 3rd goal - Merge with existing xccdf and create source ds ______________________________________ From: Pravin Goyal <[email protected]> Sent: Thursday, March 31, 2016 9:06 AM To: [email protected] Subject: Re: [Open-scap] OVAL content authoring tool
Team, I need help. I need to setup a new platform say "SLES 11" in "scap-security-guide" project. What are the steps to be done? Where do I start? I see that the community has already done a lot of automation work in churning out SCAP DS with xccdf, oval and remediation. Please help. Thanks and regards, Pravin Goyal ________________________________________ From: Martin Preisler <[email protected]> Sent: Wednesday, March 30, 2016 8:18 PM To: Pravin Goyal Subject: Re: [Open-scap] OVAL content authoring tool ----- Original Message ----- > From: "Pravin Goyal" <[email protected]> > To: "Martin Preisler" <[email protected]> > Sent: Wednesday, March 30, 2016 12:24:14 AM > Subject: Re: [Open-scap] OVAL content authoring tool > > One thing that I can promise is to contribute OVAL checks that you can > include in SSG. I am targeting to develop OVAL rules for SLES 11 SP3 OS. So, > there would be a lot of common stuff. Please send your questions to the public mailing list. That way more people benefit from the reply. Thanks for understanding. > Trying to understand how to work with these transforms. > ________________________________________ > From: Pravin Goyal <[email protected]> > Sent: Wednesday, March 30, 2016 9:14 AM > To: Martin Preisler > Subject: Re: [Open-scap] OVAL content authoring tool > > Hi Martin, > I could see the scripts in Github. Is there a documented way to use it? > > Basically, I am looking to just do OVAL content at this point of time and > later merge with XCCDF document when I have it. > > Thanks and regards, > Pravin Goyal > ________________________________________ > From: Pravin Goyal <[email protected]> > Sent: Wednesday, March 30, 2016 4:16 AM > To: Martin Preisler > Subject: Re: [Open-scap] OVAL content authoring tool > > Thanks Martin for the quick response. > > > I recommend looking at how SSG is built, > > how we use templates to generate the boilerplate. > > Do you have this documented somewhere? Can you please share the link? > > > I recommend leveraging this community. I don't know if the project you will > > be working on is an open source project but if so we will be able (and > > happy) > > to help you review the patches and work on the project. > > Thanks for extending the help. As of now, the OVAL content creation is tied > very much to an internal product. STIG development for the product is in > progress. We are just starting. > ________________________________________ > From: Martin Preisler <[email protected]> > Sent: Tuesday, March 29, 2016 9:48 PM > To: Pravin Goyal > Cc: [email protected] > Subject: Re: [Open-scap] OVAL content authoring tool > > ----- Original Message ----- > > From: "Pravin Goyal" <[email protected]> > > To: [email protected] > > Sent: Tuesday, March 29, 2016 1:32:53 AM > > Subject: [Open-scap] OVAL content authoring tool > > > > Hi Team, > > I am sure this is a FAQ. Do you know of a well-maintained content authoring > > tool? > > We have tried several times to come up with some fancy GUI tool to help with > the development but never succeeded. The GUI tool ends up having too many > options or it's not powerful enough. I recommend looking at how SSG is built, > how we use templates to generate the boilerplate. > > The tools I suggest are git, a text editor and SSG build scripts. > > > I am aware of > > https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL/6/transforms > > that we use to develop SSG content. > > > > Is this still valid - > > http://blog-shawndwells.rhcloud.com/wp-content/uploads/2013/07/SCAP-Workshop-Coursebook-v2.pdf > > ? > > Looks like it is except for the repository URIs. Change them to github URIs > and this will work. > > > Do you have any other suggestions in this regard? I am beginning a project > > that would require the development of some 500+ OVAL rules. So, I am just > > ensuring that I can make the best use of tools or processes already known > > to > > the community. > > I recommend leveraging this community. I don't know if the project you will > be working on is an open source project but if so we will be able (and happy) > to help you review the patches and work on the project. > > -- > Martin Preisler > Identity Management and Platform Security | Red Hat, Inc. > -- Martin Preisler Identity Management and Platform Security | Red Hat, Inc. _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
