Hi, Some of the rules in SCAP Security guide can be parametrized using "XCCDF Value". Those values can be set in SCAP Workbench. However that's not the case of this particular rule, the value is hard-coded in regular expressions across the file. We use parametrized values for example in rules that specify minimal length of a password etc.
The fastest way would be to replace the auid in OVAL file manually. Better way would be to rework the rules so that they're parametrized using XCCDF Values. Best regards Jan Černý Security Technologies | Red Hat, Inc. ----- Original Message ----- > From: "Sébastien Barbereau" <barber...@gmail.com> > To: open-scap-list@redhat.com > Sent: Thursday, April 13, 2017 11:30:40 AM > Subject: [Open-scap] Tuning/Customisation of SSG OVAL > > Hi > due to some of our systems setup I am looking for a way to tune some of the > SSG OVAL tests but i'm not sure what is the best approach. > > For example: the test > xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod checks > whether auid >= 1000 this is good but our system implementation puts the > configuration settings at auid>=512. This results in the test failing while > the system is in fact compliant. I could of course just skip the test, but > that would miss the point. Alterntively I though of forking a personal > version of the ssg oval file with the settings matching my needs. Is there > another more subtle alternative? > > tx > > > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list