I'm attempting to run openscap and I was looking for some assistance for customizing a security guide.
I would like to disable options from the rhel7-stig-disa security guide. For example, we do not allow ssh to our image and therefore would like to disable the check to install the screen package.

I followed the instructions here: https://www.open-scap.org/resources/documentation/customizing-scap-security-guide-for-your-use-case/

This allowed me to capture the customized tailoring-file. With this file I attempted to scan our image with the following command:

    oscap xccdf eval --profile stig-rhel7-disa \
        --results /tmp/scap-results.xml \
        --report /tmp/scap-report.html \
        --tailoring-file /root/data/ssg-rhel7-ds-aro.xml \
        --oval-results --fetch-remote-resources \
        --cpe /usr/share/xml/scap/ssg/content/ssg-rhel7-cpe-dictionary.xml \
        /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml

I admit that I am new to openscap and I'm not sure I understand each of the options here but when viewing the results I continue to see that the screen check fails. Is this behavior expected?

Here is the option in my tailoring-file:

    <xccdf:select idref="xccdf_org.ssgproject.content_rule_package_screen_installed" selected="false"/>

I would appreciate some assistance or some explanation of how to achieve a customized security guide.

Thanks,
kenny
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
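
A check that can be run on a tailoring file like the one described in the message above (an added example, not part of the original post and not OpenSCAP code): the `select` overrides in a tailoring file sit inside the profile(s) that file defines, and the oscap man page says to pick the profile from the tailoring file with `--profile`, so the script lists those profiles and reports whether a given `--profile` value names one and whether it deselects the rule. The embedded tailoring XML, its ids and the `_customized` profile name are constructed for illustration; only the rule id and the benchmark path come from the post.

```python
import xml.etree.ElementTree as ET

NS = "{http://checklists.nist.gov/xccdf/1.2}"  # XCCDF 1.2 namespace
RULE = "xccdf_org.ssgproject.content_rule_package_screen_installed"  # from the post
# Constructed profile ids (assumptions, not taken from the poster's file).
BASE = "xccdf_org.ssgproject.content_profile_stig-rhel7-disa"
CUSTOM = BASE + "_customized"

# Constructed sample tailoring file, embedded so the script runs offline.
SAMPLE = f"""<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2"
    id="xccdf_example_tailoring_constructed">
  <xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml"/>
  <xccdf:version time="2000-01-01T00:00:00">1</xccdf:version>
  <xccdf:Profile id="{CUSTOM}" extends="{BASE}">
    <xccdf:title>Constructed example profile</xccdf:title>
    <xccdf:select idref="{RULE}" selected="false"/>
  </xccdf:Profile>
</xccdf:Tailoring>"""


def tailored_profiles(xml_text):
    """Map each Profile id in a tailoring file to its base and rule overrides."""
    profiles = {}
    for prof in ET.fromstring(xml_text).iter(NS + "Profile"):
        overrides = {sel.get("idref"): sel.get("selected") in ("true", "1")
                     for sel in prof.iter(NS + "select")}
        profiles[prof.get("id")] = {"extends": prof.get("extends"),
                                    "overrides": overrides}
    return profiles


def check(xml_text, profile_arg, rule_id):
    """Report what the tailoring file says about rule_id for a --profile value."""
    profiles = tailored_profiles(xml_text)
    if profile_arg not in profiles:
        return "profile-not-defined-in-tailoring-file"
    overrides = profiles[profile_arg]["overrides"]
    if rule_id not in overrides:
        return "rule-not-overridden"
    return "rule-selected" if overrides[rule_id] else "rule-deselected"


if __name__ == "__main__":
    for pid, info in tailored_profiles(SAMPLE).items():
        print(f"{pid} extends {info['extends']}")
    for arg in ("stig-rhel7-disa", CUSTOM):
        print(f"--profile {arg}: {check(SAMPLE, arg, RULE)}")
```

To inspect a real file, pass its contents to `check()` in place of `SAMPLE`, together with the exact string given to `--profile`.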
