I'm attempting to run openscap and I was looking for some assistance for
customizing a security guide.

I would like to disable options from the rhel7-stig-disa security guide.
For example, we do not allow ssh to our image and therefore would like to
disable the check to install the screen package.

I followed the instructions here:

This allowed me to capture the customized tailoring-file.  With this file I
attempted to scan our image with the following command:

oscap xccdf eval   --profile stig-rhel7-disa  \
 --results /tmp/scap-results.xml \
 --report /tmp/scap-report.html \
 --tailoring-file /root/data/ssg-rhel7-ds-aro.xml \
 --oval-results --fetch-remote-resources  \
 --cpe /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml

I admit that I am new to openscap and I'm not sure I understand each of the
options here but when viewing the results I continue to see that the screen
check fails.  Is this behavior expected?

Here is the option in my tailoring-file:

I would appreciate some assistance or some explanation of how to achieve a
customized security guide.

Open-scap-list mailing list

Reply via email to