Fen, There is an RFE open in OpenSCAP for this very thing at https://github.com/OpenSCAP/openscap/issues/633
Outside of tailoring a profile, nothing super easy from the OpenSCAP side of the house. Gabe On Thu, Mar 1, 2018 at 8:59 PM, Fen Labalme <[email protected]> wrote: > The goal is to create a hardened EC2 server on AWS from scratch. After > provisioning a new RHEL/7 instance on AWS, we run `yum -y update` followed > by the bash remediations from SSG using: > > command: 'oscap xccdf eval --profile {{ scapprofile }} --remediate \ > --results-arf /tmp/results-arf.xml --report /tmp/report.html \ > /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml' > > But there are some remediations I don't want to run for an EC2 server such > as install_smartcard_packages.sh and dracut-fips. Is there a way to > prevent certain remediations from running? > > Thanks, > =Fen > > > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists. > fedorahosted.org > To unsubscribe send an email to scap-security-guide-leave@ > lists.fedorahosted.org > >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
