There is an RFE open in OpenSCAP for this very thing at

Outside of tailoring a profile, nothing super easy from the OpenSCAP side
of the house.


On Thu, Mar 1, 2018 at 8:59 PM, Fen Labalme <fen.laba...@civicactions.com>

> The goal is to create a hardened EC2 server on AWS from scratch. After
> provisioning a new RHEL/7 instance on AWS, we run `yum -y update` followed
> by the bash remediations from SSG using:
>   command: 'oscap xccdf eval --profile {{ scapprofile }} --remediate \
>     --results-arf /tmp/results-arf.xml --report /tmp/report.html \
>     /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'
> But there are some remediations I don't want to run for an EC2 server such
> as install_smartcard_packages.sh and dracut-fips. Is there a way to
> prevent certain remediations from running?
> Thanks,
> =Fen
> _______________________________________________
> scap-security-guide mailing list -- scap-security-guide@lists.
> fedorahosted.org
> To unsubscribe send an email to scap-security-guide-leave@
> lists.fedorahosted.org
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org

Reply via email to