On 9/16/13 10:38 PM, Jeffrey Blank wrote:
Sad face.
cry baby
http://people.redhat.com/swells/4jeff.txt
On Mon, Sep 16, 2013 at 10:35 PM, Shawn Wells <[email protected]> wrote:
On 9/16/13 10:31 PM, Jeffrey Blank wrote:
Ah, this is an interesting point. I might be first interested in
seeing generation of a kickstart %post script from the remediation
content here, but this is definitely worth considering.
Backup copies of the files would be incredibly trivial to add.
As for KS file:
oscap xccdf eval --profile stig-rhel6-server \
--results /var/www/html/ssg-results/results.xml \
--report /var/www/html/ssg-results/report.html \
--cpe-dict ssg-rhel6-cpe-dictionary.xml \
ssg-rhel6-xccdf.xml ; \
oscap xccdf generate fix \
--result-id xccdf_org.open-scap_testresult_stig-rhel6-server \
/var/www/html/ssg-results/results.xml \
/var/www/html/ssg-results/script.sh ; \
cat /var/www/html/ssg-results/script.sh
Related: do we have a handle on how many changes are needed from a
default RHEL installation?
~200
On Mon, Sep 16, 2013 at 7:41 AM, Leam Hall<[email protected]> wrote:
Shawn,
One of the things I'm doing with Aqueduct is ensuring that we make
backup
copies of files. This is something my user base has strongly requested
and
their concerns are valid; if we run a fix tool with hundreds of changes,
and
the server looses functionality, being able to quickly see what was
changed
and fix/revert becomes critical.
Leam
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
