RE: EXTERNAL: Re:

Tue, 18 Feb 2014 10:43:32 -0800 

Hello. 

     I managed to generate the my-results-xccdf.xml file but oscap is still not 
able to recognize the remediate argument. It gives me a "no such module 
'remediate' error. Any idea of what might be causing this? 

Luke 
________________________________________
From: [email protected] 
[[email protected]] on behalf of Shawn Wells 
[[email protected]]
Sent: Monday, February 17, 2014 12:51 PM
To: [email protected]
Subject: Re: EXTERNAL: Re:

On 2/17/14, 1:45 PM, Kordell, Luke T wrote:
> Thank you for the input Shawn. I guess the sites I have been referencing are 
> a little dated. Since we are not imbedding bash in the rule .xml file how do 
> we point oscap toward the script during the remediation phase. I tried 
> passing the --remediate argument to oscap but it gave an "unrecognized 
> option" error.

You may find Šimon Lukašík's blog on OpenSCAP Remediation helpful:
http://isimluk.livejournal.com/3573.html

In short:
$ oscap xccdf eval --result ~/my-results-xccdf.xml
/usr/share/scap/my-policy-xccdf.xml
$ oscap xccdf remediate --results ~/my-results-xccdf.xml
~/my-results-xccdf.xml

> Also, how are the rules pointing to the remediation scripts in the fixes 
> directory if we are no longer using fix tags?
The build process will take all XCCDF rules, look for a bash script
matching the XCCDF rule name, and then create the fix tag in the final
output.

Ref
https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL/6/transforms/combinefixes.py
https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL/6/transforms/xccdf-addfixes.xslt

To see this in action:
[shawn@SSG-RHEL6 6]$ pwd
/var/www/html/scap-security-guide/RHEL/6
[shawn@SSG-RHEL6 6]$ make content
[shawn@SSG-RHEL6 6]$ grep -rin "<fix" output/ssg-rhel6-xccdf.xml

..... and then find the line numbers in the output/ssg-rhel6-xccdf.xml file
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

Reply via email to