On 12/18/2013 09:33 PM, Shawn Wells wrote: > On 12/18/13, 11:39 AM, Simon Lukasik wrote: >> You can then verify the fix by running: >> >> $ oscap xccdf generate fix \ >> --output my-fixes.xml >> --profile usgcb-rhel6-server \ >> --template urn:xccdf:fix:script:sh \ >> ./scap-security-guide/RHEL6/dist/content/ssg-rhel6-xccdf.xml >> >> No need to run it on a system. Nor sed. > > > Incredibly handy! Two things: > > (1) On OpenSCAP 0.9.12-1, the output file is chmod'd to 100. Could this > be something more reasonable -- such as inheriting the umask value, or > perhaps 500, as this will be a script to execute? >
Yep, there was a bug in mask as well. It should have been created with 700 now. > (2) The output file does not include any of the CCE information. Is > there a way to have this included (happy to open an RFE if needed)? > I am wondering for whom is the CCE useful in the fix script. But yes, you can file an RFE for anything. ;-) -- Simon Lukasik Security Technologies _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
