Can you try replacing, --profile xccdf_org.ssgproject.content_profile_pci-dss
With --profile xccdf_org.ssgproject.content_profile_pci-dss_with_ot From: [email protected] [mailto:[email protected]] On Behalf Of Josh Moore Sent: Wednesday, March 29, 2017 6:49 PM To: [email protected] Subject: [Open-scap] tailoring file not working I am working on creating a tailored PCI profile that accounts for items covered by our provider. So I want to tailer the profile to remove what I consider to be false positives. I have created the tailoring file on my Mac desktop and copied it to my centos 7 test machine. However, when I run the oscap command on the centOS server the tailoring file is ignored. Any idea of what I am doing wrong? oscap xccdf eval --tailoring-file tailoring.xml --report report.html --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml Tailoring File content: <?xml version="1.0" encoding="UTF-8"?> <xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2<https://urldefense.proofpoint.com/v2/url?u=http-3A__checklists.nist.gov_xccdf_1.2&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=9rqddwDp15TZtPAQFqFc1Cfp3tmrR5nqYnTRme9xenk&e=>" id="xccdf_scap-workbench_tailoring_default"> <xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml"/> <xccdf:version time="2017-03-29T09:09:14">1</xccdf:version> <xccdf:Profile id="xccdf_org.ssgproject.content_profile_pci-dss_with_ot" extends="xccdf_org.ssgproject.content_profile_pci-dss"> <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.w3.org_1999_xhtml&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=DKeXAv2csKLxOp4wSQI6DAH1VtLlOc0plYIVpTPuVVs&e=>" xml:lang="en-US" override="true">PCI-DSS v3 Control Baseline for Red Hat Enterprise Linux 7 [CUSTOMIZED]</xccdf:title> <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.w3.org_1999_xhtml&d=CwMFaQ&c=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E&r=ylluGgiy6YcBNWxAWKqJ9Q&m=VwBwnTVJ6mbd1LCcB1mmKlR4TDm7H5rmbFpbSTdl8o8&s=DKeXAv2csKLxOp4wSQI6DAH1VtLlOc0plYIVpTPuVVs&e=>" xml:lang="en-US" override="true">This is a *draft* profile for PCI-DSS v3</xccdf:description> <xccdf:select idref="xccdf_org.ssgproject.content_group_aide" selected="false"/> <xccdf:select idref="xccdf_org.ssgproject.content_group_smart_card_login" selected="false"/> </xccdf:Profile> </xccdf:Tailoring> Thanks, Josh Moore Chief Architect TarokoSoftware
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
