On 9/16/13 10:31 PM, Jeffrey Blank wrote:
Ah, this is an interesting point. I might be first interested in
seeing generation of a kickstart %post script from the remediation
content here, but this is definitely worth considering.
Backup copies of the files would be incredibly trivial to add.
As for KS file:
oscap xccdf eval --profile stig-rhel6-server \
--results /var/www/html/ssg-results/results.xml \
--report /var/www/html/ssg-results/report.html \
--cpe-dict ssg-rhel6-cpe-dictionary.xml \
ssg-rhel6-xccdf.xml ; \
oscap xccdf generate fix \
--result-id xccdf_org.open-scap_testresult_stig-rhel6-server \
/var/www/html/ssg-results/results.xml \
>/var/www/html/ssg-results/script.sh ; \
cat /var/www/html/ssg-results/script.sh
Related: do we have a handle on how many changes are needed from a
default RHEL installation?
~200
On Mon, Sep 16, 2013 at 7:41 AM, Leam Hall<[email protected]> wrote:
>Shawn,
>
>One of the things I'm doing with Aqueduct is ensuring that we make backup
>copies of files. This is something my user base has strongly requested and
>their concerns are valid; if we run a fix tool with hundreds of changes, and
>the server looses functionality, being able to quickly see what was changed
>and fix/revert becomes critical.
>
>Leam
--
Shawn Wells
Director, Innovation Programs
[email protected] | 443.534.0130
@shawndwells
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
