On 8/3/17 11:35 AM, Watson Yuuma Sato wrote: > On 03/08/17 15:36, Watson Yuuma Sato wrote: >> On 03/08/17 11:07, Marek Haicman wrote: >>> On 08/03/2017 02:28 AM, Shawn Wells wrote: >>>> Hey Guys >>>> >>>> Just downloaded the RHEL 7.4 installation media and attempted >>>> to use the oscap-anaconda features. Selected "security" during the >>>> installer, and noticed a few things: >>>> >>>> (1) The CUI/NIST 800-171 profile has the description from OSPP: >>>> >>>> >>>> (2) There are multiple RHEL7 STIG options: >>>> >>>> >>>> I'm not sure how/why this is happening. >>>> >>>> The 800-171 profile does extend OSPP. Do we need a "extends" for >>>> the profile description field? >>>> https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/nist-800-171-cui.xml >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> scap-security-guide mailing list -- >>>> [email protected] >>>> To unsubscribe send an email to >>>> [email protected] >>>> >>> Hey Shawn, >>> ad (2) this is known issue >>> https://bugzilla.redhat.com/show_bug.cgi?id=1437106 >>> >>> For (1) that description is the same that SCAP Workbench displays, >>> and oscap generates from the guides (as can be seen >>> http://static.open-scap.org/ssg-guides/ssg-rhel7-guide-index.html). >>> Extend concatenates description of extended profile and the >>> extending one. Is it a bug? >> This is not a bug. >> To replace extended description, extending description element should >> have attribute override="true", like the title element has. > Well, this is a bug if description of CUI/NIST 800-171 is not expected > to be appended to description of OSPP Profile.
IMHO it comes down to the profiles not including "override=true" in the profile descriptions. Never knew they were needed. How come we didn't have this problem in earlier editions of oscap-anaconda? The profiles don't seem to have override=true in the description field, but in prior RHEL releases things were OK. -- Shawn Wells Chief Security Strategist North America Public Sector [email protected] | 443-534-0130
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
