Hello,

On Sun, Jan 13, 2019 at 3:22 AM Boyd Ako <boyd.hanalei....@gmail.com> wrote:

> So, after playing around with oscap remediation fix I think there should
> be a standard on what commands “CAN” be used and have them set as a
> required package for opens cap. Yes, I know that that “generate fix” should
> be used cautiously.


It would be impractical to have OpenSCAP or SSG to require every package
used within in any fix script.

But, I noticed some of the FIX snippets in the SSGs used some commands that
> I didn’t have installed like DNF and DCONF.
>

The suggested fix script used DNF command on a system which doesn't use
DNF? This looks like a bug.


> I would also imagine some of those commands are used to determine the
> findings.
>
Unless you are using SCE (Script Checking Engine), that should not be the
case, the checks in SSG rely on OVAL to evaluate the system.
So OpenSCAP scanner should already require everything it needs to be able
to scan.


>
> I could be wrong and that sort of thing is already in place. But, I just
> don’t know where it’s stated and defined.
>
>
>
>
> Domo,
>
> Boyd H. Ako
>
>
> boyd.hanalei....@gmail.com
> (424) 244-9653
> https://www.boydhanaleiako.me
>
> “Coming together is a beginning. Keeping together is progress. Working
> together is success.” -Henry Ford
>
> PGP/GPG Public Key:
> https://sks-keyservers.net/pks/lookup?op=get&search=0xC58073B21618F134
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list@redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list



-- 
Watson Sato
Security Technologies | Red Hat, Inc
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to