----- Original Message ----- > From: "Jan Cerny" <[email protected]> > To: "Shawn Wells" <[email protected]> > Cc: [email protected] > Sent: Monday, July 11, 2016 9:04:09 AM > Subject: Re: [Open-scap] Informational value > > Hi Shawn, Hi all, > > ----- Original Message ----- > > From: "Shawn Wells" <[email protected]> > > To: [email protected] > > Sent: Tuesday, July 5, 2016 3:46:44 PM > > Subject: Re: [Open-scap] Informational value > > > > > > > > On 7/1/16 3:38 AM, Jan Cerny wrote: > > > > > > > > Regarding your second question, OpenSCAP >= 1.2.2 can display OVAL results > > in the HTML report if you run it with "--oval-results", eg.: > > > > # oscap xccdf eval --results results.xml --oval-results --report > > report.html > > my_benchmark.xml > > > > The HTML report will look like in [2]. > > > > [1] http://csrc.nist.gov/publications/nistir/ir7275-rev4/NISTIR-7275r4.pdf > > (page 43) > > [2] > > https://www.open-scap.org/wp-content/uploads/2015/09/ssg-rhel7-ds-xccdf.report.html > > > > Can we have the findings showup in the default reports, e.g. those without > > --oval-results? Why burden the users with another CLI argument? > > The report is generated from both the XCCDF results and OVAL results > documents > using XSLT templates and transformations. The XSLT just parses the XML > document > and converts it into a nicely formated document.
This is a long standing issue. We recommend using ARF (--results-arf) to mitigate it. OVAL details are always generated if the user is using ARF results instead of the plain XCCDF results. > I think we can have OVAL details by default when report is created. > On the other hand, the --oval-results option has a side effect - it generates > an OVAL results XML document. > Does it matter that there will be always an additional file? Or should we > create a temporary file? To solve this cleanly we could output OVAL results if the option is present and output to temporary file if it is not present. We would have to destroy that file when oscap process exits. > Could we prefer using ARFs? Yes, we prefer ARFs and recommend everybody uses them instead of plain XCCDF results. -- Martin Preisler Identity Management and Platform Security | Red Hat, Inc. _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
