Hi, OpenSCAP support for Windows hasn't been improved much since the 1.3.0_alpha1 releases. The only thing that we have done recently is that we added Windows CPEs to the inbuilt CPE dictionary.
> How far along is Windows support? Saw the mention of 'basic' -- but how > should OpenSCAP on Windows be positioned? OpenSCAP 1.3.0 can be compiled and installed on Windows, it runs, it produces "some" results. But it's very bad. > - How many Windows probes are implemented? OpenSCAP 1.3.0 for Windows has the following 4 probes: * system_info * registry * wmi57 * accesstoken > - Does OpenSCAP on Windows pass the NIST automated tooling? Nobody tried that. I expect that it doesn't pass. > - Where can we send people who want to find out more? For people that would like to contribute code I would point them to developer's manual where they can find how to build it on Windows. https://github.com/OpenSCAP/openscap/blob/master/docs/developer/developer.adoc For normal users we don't have anything. I think we definitely should mention that it exists on www.open-scap.org. The problem with OpenSCAP for Windows is that nobody is working on that now, and it is not tested at all. Also, it is not supported by Red Hat in any way. I'm sorry if the release announcement email caused a confusion. I mentioned the Windows support under "Key differences from 1.2.x series" because the 1.3.0_alpha1 and 1.3.0_alpha2 releases were intended as pre-releases. I supposed most people didn't follow their changelog. I wanted to point out there at least the main differences of 1.3.0 for users of 1.2.x releases. However, as usually, the full changelog is located at: https://github.com/OpenSCAP/openscap/blob/master/NEWS Regards Jan Černý Security Technologies | Red Hat, Inc. ----- Original Message ----- > From: "Shawn Wells" <[email protected]> > To: [email protected] > Sent: Tuesday, October 9, 2018 5:53:08 PM > Subject: Re: [Open-scap] OpenSCAP 1.3.0 > > > > On 10/9/18 7:38 AM, Jan Cerny wrote: > > Hello OpenSCAPers, > > > > We are thrilled to announce general availability of OpenSCAP 1.3.0 release. > > > > This is the first release from maint-1.3 maintenance branch. API/ABI is not > > compatible with 1.2.x releases. API/ABI is not compatible with 1.3.0_alpha > > releases. > > > > Changes from 1.3.0_alpha2: > > - New features > > - Introduced a virtual '(all)' profile selecting all rules > > - Verbose mode is a global option in all modules > > - Added Microsoft Windows CPEs > > - oscap-ssh can supply SSH options into an environment variable > > - Maintenance > > - Removed SEXP parser > > - Added Fedora 30 CPE > > - Fixed many Coverity defects (memory leaks etc.) > > - SCE builds are enabled by default > > - Moved many low-level functions out of public API > > - Removed unused and dead code > > - Updated manual pages > > - Numerous small fixes > > > > Key differences from 1.2.x series: > > - Basic Microsoft Windows support > > - Removed deprecated command line interfaces > > - Removed deprecated API symbols > > - Probes are not separate processes anymore > > - CMake used as build system > > - CTest used as a test framework > > > > Download: > > https://github.com/OpenSCAP/openscap/releases/download/1.3.0/openscap-1.3.0.tar.gz > > > > SHA512: > > 9405d0f17b60ab4a52ddd0f49d0e2395eb2540f0d07d68dfd142e2b8b2988e88cf127230523e68f67d3d22a6dd4eb2397f9468c923d19bb7cb059abf487ab5a1 > > > > Audit, Fix, And Be Merry! > > Thanks Jan! > > How far along is Windows support? Saw the mention of 'basic' -- but how > should OpenSCAP on Windows be positioned? > > For example: > - How many Windows probes are implemented? > - Does OpenSCAP on Windows pass the NIST automated tooling? > - Where can we send people who want to find out more? > > _______________________________________________ > Open-scap-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/open-scap-list > _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
