On 4/5/17 2:54 PM, Greg Hennessy wrote:
> Bummer
>
> On Wed, Apr 5, 2017 at 1:53 PM, Shawn Wells <sh...@redhat.com
> <mailto:sh...@redhat.com>> wrote:
>
>
>
>     On 4/5/17 1:43 PM, Greg Hennessy wrote:
>>     I am exploring the use of open-scap to verify my machines meet
>>     the DISA stigs. If I run oscap against the 
>>     /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml file  things
>>     seem to work
>>     as expected. If I run oscap against the file from iase.disa.mil
>>     <http://iase.disa.mil>, all 
>>     of the results show "notchecked". Does anyone have a sugguestion
>>     as to
>>     how to force the checks to happen?
>>
>>     My typed command line is:
>>
>>     # oscap xccdf eval --profile MAC-2_Public  --report
>>     /tmp/disa_stig.html
>>     U_Red_Hat_Enterprise_Linux_7_STIG_V1R1_Manual-xccdf.xml
>
>     DISA does not publish automation content -- so it's impossible to
>     use their content.
>

With that said, we're tracking to having a SSG profile align more
directly against the content DISA published. Here's a dashboard with the
missing pieces:

https://github.com/OpenSCAP/scap-security-guide/projects/7

Patches most welcome, especially to build out missing OVAL!
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to