Hi Watson,
Thanks for your detailed reply and apologies for my delay in responding. Went off to look for something else that may do the job. The link that Eric has provided was initially what got me thinking about using OpenSCAP to do this task; it's a real shame the approach of needing an agent was taken. Interestingly enough though, we've started looking into Ansible (another Red Hat sponsored project) and that does have some support for appliance type devices (if not exactly perfect) as it is principally agentless (as long as Python exists somewhere). My scope has also expanded from just Cisco to also include F5, Palo Alto and other network appliance vendors.

In my original reply, I gave a rough list of tasks that perhaps could be run to achieve what's needed (and it looks very similar to a list of Plays). Having reviewed Ansible I'm thinking: could those "Plays" be put into an Ansible Playbook and have it go and gather all the required info, for example running 'show version' or 'show run logging' against a network device, format this in the required results format that oscap expects and then invoke it to generate the report? Really keen to not reinvent the wheel here but I'm probably way out on a limb.
If this isn't possible maybe us Network Engineers will just need to fork OpenSCAP and make it work without an agent..... something tells me this won't be happening any time soon 😉

Thanks again
Lee

________________________________
From: Watson Yuuma Sato <[email protected]>
Sent: 16 March 2017 13:14
To: Eric Holtzclaw; Lee Wilson; [email protected]
Subject: Re: [Open-scap] OpenSCAP for embedded/network devices

On 15/03/17 17:24, Eric Holtzclaw wrote:
> You do have support for Cisco
> Security Automation Using OVAL - Cisco
> http://www.cisco.com/c/en/us/about/security-center/oval-security-automation.html

I see that Cisco provides OVAL content to scan their devices, and even provides an example of how to do so, but using joval, which can perform remote scanning without installation of any agent. I still don't see how to scan Cisco devices with OpenSCAP. Am I missing something?

--
Watson Sato
Security Technologies | Red Hat, Inc
_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list
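The gather-then-evaluate flow Lee sketches above (an agentless collector captures 'show version' and 'show run | include logging' from a device, and a separate step turns the raw text into pass/fail results) can be illustrated offline. The following is an added example written for this page; it is not code from the open-scap list thread, from OpenSCAP, from Ansible or from Cisco. The CLI output is constructed to resemble Cisco IOS responses, the syslog address is a placeholder, the check ids are hypothetical names chosen here rather than identifiers from any published benchmark, and the collection step itself (for instance an Ansible playbook registering command output) is assumed to have already written the text that the functions receive.

```python
"""Offline compliance checks over captured network-device CLI output.

Added example, not code from the open-scap mailing list, OpenSCAP,
Ansible or Cisco. It assumes an agentless collector has already saved
the output of 'show version' and 'show run | include logging'.
"""
import re
from typing import Dict, List, Optional

# Constructed sample output resembling Cisco IOS CLI responses; not
# captured from a real device. The syslog host is a placeholder.
SHOW_VERSION = """\
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE7, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
example-switch uptime is 3 weeks, 2 days, 4 hours, 17 minutes
"""

SHOW_RUN_LOGGING = """\
logging buffered 16384
logging host 192.0.2.10
no logging console
"""

# Same command on a hypothetical second device with no remote syslog target.
SHOW_RUN_LOGGING_NO_HOST = """\
logging buffered 4096
"""

VERSION_RE = re.compile(r"Version\s+([\w.()]+)")
LOGGING_HOST_RE = re.compile(r"^logging host (\S+)", re.MULTILINE)
LOGGING_BUFFERED_RE = re.compile(r"^logging buffered(?:\s+(\d+))?", re.MULTILINE)


def parse_ios_version(show_version: str) -> Optional[str]:
    """Return the IOS version string from 'show version' output, or None."""
    m = VERSION_RE.search(show_version)
    return m.group(1) if m else None


def logging_hosts(show_run_logging: str) -> List[str]:
    """Return remote syslog targets configured with 'logging host <addr>'."""
    return LOGGING_HOST_RE.findall(show_run_logging)


def buffered_log_size(show_run_logging: str) -> Optional[int]:
    """Return the buffered logging size in bytes, or None if not configured.

    'logging buffered' without a size keeps the platform default; that case
    is reported as 0 so callers can distinguish "configured, size unknown"
    from "absent".
    """
    m = LOGGING_BUFFERED_RE.search(show_run_logging)
    if not m:
        return None
    return int(m.group(1)) if m.group(1) else 0


def evaluate(show_version: str, show_run_logging: str,
             min_buffer: int = 8192) -> Dict[str, str]:
    """Map each check id to 'pass' or 'fail', in the spirit of XCCDF rule results.

    The check ids below are hypothetical names for this example only.
    """
    version = parse_ios_version(show_version)
    hosts = logging_hosts(show_run_logging)
    buf = buffered_log_size(show_run_logging)
    return {
        "version_identified": "pass" if version else "fail",
        "remote_syslog_configured": "pass" if hosts else "fail",
        "log_buffer_size": "pass" if buf is not None and buf >= min_buffer else "fail",
    }


if __name__ == "__main__":
    for name, cfg in (("device-a", SHOW_RUN_LOGGING),
                      ("device-b", SHOW_RUN_LOGGING_NO_HOST)):
        print(name, parse_ios_version(SHOW_VERSION), evaluate(SHOW_VERSION, cfg))
```

Each check is a plain function over text, so the same code can be called from a playbook's local task after the command output has been registered, and the returned dictionary is what a reporting step would serialise. Keeping the parser separate from the collector is also what makes the approach portable to the other vendors Lee mentions: only the regexes and sample commands change per platform.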
