Le 04/10/2016 à 16:26, Gabe Alford a écrit : > Hello, > > Both the DISA SRGs and STIGIDs are added to the applicable RHEL/7 content. > You can verify this by either `grep -rni 'stigid\|srg' > RHEL/7/input/xccdf`, or `grep 'SRG\|RHEL-07' ssg-rhel7-xccdf.xml` > Also, when a report is generated with the oscap --report option, the SRG > and STIGID identifiers can be viewed in the report. > > Gabe
Hello Gabe, Thanks for your answer. So I tried to write a little script which takes the XCCDF file downloaded from DISA site and try to find the matching rules into the RHEL/7/input/xccdf/*.xml files. For now, I justed focused on the stigid identifiers not on the SGR ones. Actually the result is that I have 97 rules matching with the DISA XCCDF upstream file ? Do you think it is a relevant number ? Browsing the OPENSCAP XCCDF files I realised that there were some DISA rules that maybe already covered but there is not actually a stigid attributed attached to these rules. Do you think it can be relevant if I try to complete OPENSCAP XCCDF files with missing stigid if matches can be found against the DISA XCCDF upstream file ? Or is it definitely not the process ? Thanks for your answer. Regards, Olivier Bonhomme _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org