I am working on creating a tailored PCI profile that accounts for items covered by our provider. So I want to tailer the profile to remove what I consider to be false positives. I have created the tailoring file on my Mac desktop and copied it to my centos 7 test machine. However, when I run the oscap command on the centOS server the tailoring file is ignored. Any idea of what I am doing wrong?
oscap xccdf eval --tailoring-file tailoring.xml --report report.html --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml Tailoring File content: <?xml version="1.0" encoding="UTF-8"?> <xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"; id="xccdf_scap-workbench_tailoring_default"> <xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml"/> <xccdf:version time="2017-03-29T09:09:14">1</xccdf:version> <xccdf:Profile id="xccdf_org.ssgproject.content_profile_pci-dss_with_ot" extends="xccdf_org.ssgproject.content_profile_pci-dss"> <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml"; xml:lang="en-US" override="true">PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 [CUSTOMIZED]</xccdf:title> <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml"; xml:lang="en-US" override="true">This is a *draft* profile for PCI-DSS v3</xccdf:description> <xccdf:select idref="xccdf_org.ssgproject.content_group_aide" selected="false"/> <xccdf:select idref="xccdf_org.ssgproject.content_group_smart_card_login" selected="false"/> </xccdf:Profile> </xccdf:Tailoring> Thanks, Josh Moore Chief Architect TarokoSoftware
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
