Hi Terry, A rollback is usual not possible as the previous state is not captured before remediation. This goes for file and directory permissions, installing new packages with the needed package relationships and configuration file changes.
Shell script remediation does look like this for SLES-12-010460: https://github.com/ComplianceAsCode/content/blob/2b2152d288e05f0d64f26fff3f01b0e75311023d/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh Regards, Alex~ On Tue, May 18, 2021 at 08:43:38PM +0000, Lemons, Terry wrote: > Hi > > I'm clear that oscap supports an evaluation function and a remediation > function. But does a remediation rollback function exist, which would un-do a > remediation change? > > Thanks > tl > > Terry Lemons > > [DellEMC_Logo_Hz_Blue_rgb_10percent] > Data Management > Infrastructure Solutions Group > > 176 South Street, MS 2/B-34 > Hopkinton MA 01748 > terry.lem...@dell.com<mailto:terry.lem...@dell.com> > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://listman.redhat.com/mailman/listinfo/open-scap-list -- Alexander Bergmann <abergm...@suse.com> Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5 F614 DE54 E875 9FFA 4886 SUSE Software Solutions Germany GmbH Maxfeldstr. 5, 90409 Nuremberg, Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer
signature.asc
Description: PGP signature
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://listman.redhat.com/mailman/listinfo/open-scap-list
