On 4/5/17 2:54 PM, Greg Hennessy wrote: > Bummer > > On Wed, Apr 5, 2017 at 1:53 PM, Shawn Wells <[email protected] > <mailto:[email protected]>> wrote: > > > > On 4/5/17 1:43 PM, Greg Hennessy wrote: >> I am exploring the use of open-scap to verify my machines meet >> the DISA stigs. If I run oscap against the >> /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml file things >> seem to work >> as expected. If I run oscap against the file from iase.disa.mil >> <http://iase.disa.mil>, all >> of the results show "notchecked". Does anyone have a sugguestion >> as to >> how to force the checks to happen? >> >> My typed command line is: >> >> # oscap xccdf eval --profile MAC-2_Public --report >> /tmp/disa_stig.html >> U_Red_Hat_Enterprise_Linux_7_STIG_V1R1_Manual-xccdf.xml > > DISA does not publish automation content -- so it's impossible to > use their content. >
With that said, we're tracking to having a SSG profile align more directly against the content DISA published. Here's a dashboard with the missing pieces: https://github.com/OpenSCAP/scap-security-guide/projects/7 Patches most welcome, especially to build out missing OVAL!
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
