----- Original Message ----- > From: "Shawn Wells" <sh...@redhat.com> > To: scap-security-guide@lists.fedorahosted.org > Sent: Sunday, August 31, 2014 8:14:05 AM > Subject: Re: New report and guide in openscap 1.1.0 > > On 8/29/14, 5:41 AM, Martin Preisler wrote: > > ----- Original Message ----- > >> > From: "Trey Henefield" <trey.henefi...@ultra-ats.com> > >> > To: "SCAP Security Guide" <scap-security-guide@lists.fedorahosted.org> > >> > Sent: Thursday, August 28, 2014 9:28:34 PM > >> > Subject: RE: New report and guide in openscap 1.1.0 > >> > > >> > I had provided a comment a while back that I never heard back on. > >> > > >> > "I am not sure if it has been mentioned, but I personally would find it > >> > useful to include details on the results. > >> > > >> > For instance, considering a check that ensures all libraries meet > >> > certain > >> > permissions, it would be useful to identify all entries that are > >> > non-compliant, if failed. > > We already do that for a lot of checks but not all. For example it's done > > for file permission checks. > > > > Random Examples: > > "Verify and Correct File Permissions with RPM" > > "Verify that All World-Writable Directories Have Sticky Bits Set" > > "Ensure All Files Are Owned by a User" > > "Set Password Minimum Length in login.defs" > > ... > > > > Is there any type of a check that is missing this functionality where it > > is essential? > > Honestly, it'd be incredibly useful for all of them. > > From the table on File Permissions with RPM, noticed the stylesheet > creates the "OVAL details" label. Tried searching through the OpenSCAP > code to see how the XSLT gets this information to no avail: > https://github.com/OpenSCAP/openscap/search?utf8=%E2%9C%93&q=%22OVAL+details%22&type=Code
The way it works is somewhat complicated :-) See https://github.com/OpenSCAP/openscap/blob/master/xsl/xccdf-report-impl.xsl#L420 We try to locate an OVAL results file, query the relevant objects using XPath and run templates on them, generating HTML. https://github.com/OpenSCAP/openscap/blob/master/xsl/xccdf-report-oval-details.xsl contains support for some OVAL objects. If you need more it has to be added into that file. -- Martin Preisler -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
