Re: [PATCH 0/4] support for CPE creation

[Kevin Spargur]

Ack.  Good point about the filenames.  If you don't mind, I'll update 
the wiki with some naming conventions  based on this here.

-Kevin

On 08/11/2012 02:30 PM, Jeffrey Blank wrote:
These patches allow for generation of cpe-dictionary and cpe-oval files.  The
cpe-oval file is extracted from whatever definitions are of the "inventory"
class in the main body of OVAL content. The cpe-dictionary file is generated
from a template which lives in input/checks/platform, whose fields are then
adjusted to properly reference the OVAL filename and definitions.  I am not
terribly happy with this, but it is the most elegant thing I could come up with
in the short term.

Before long, we may also re-arrange the content filenames to be like
organization-product-scapacronym.xml, which is apparently considered "best
practice".  It will, however, still be easy for any consumer of the content to
change the identifier when building the content by changing $(ID) in the
Makefile.



This is not terribly elegant, but again it is designed to ease creation
of the CPE files that some scanning tools apparently require.

Jeffrey Blank (4):
   updated OVAL inventory check with reasonable IDs      * will need to
     be expanded later, or possibly joined later by        inventory
     checks for other versions of RHEL 6 to which the content applies
   added lines to "content" Makerule to also generate CPE-related files,
         made ID variable for filename instances in case we decide to
     change/shorten to "scapguide"
   added new CPE dictionary file (with fields that are adjusted by
     cpe_generate.py script during the ID/filename "linking" phase)
   new script to create CPE files     * the script creates a cpe-oval
     file from inventory definitions, links it to cpe-dictionary file

  RHEL6/Makefile                                     |   26 +++--
  RHEL6/input/checks/installed_OS_is_rhel6.xml       |   36 +++---
  .../input/checks/platform/rhel6-cpe-dictionary.xml |   10 ++
  RHEL6/transforms/cpe_generate.py                   |  109 ++++++++++++++++++++
  4 files changed, 153 insertions(+), 28 deletions(-)
  create mode 100644 RHEL6/input/checks/platform/rhel6-cpe-dictionary.xml
  create mode 100755 RHEL6/transforms/cpe_generate.py

_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

--

V/r,

Kevin Spargur
kspar...@redhat.com
571.330.8349

_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide