Hi Tim, You're correct, the rules that are evaluated as "notchecked" when don't have any OVAL check available. It's usually because the rule description has been created but OVAL hasn't been developed yet. Some of the rules are "work in progress" (see opened PRs). Any contributions are welcome :-) The complexity of developing an OVAL check is individual. Sometimes the OVAL check exists in the repository but it isn't marked as applicable to RHEL 7. In that case it's just about adding a platform element in the OVAL, which is a one line change. Sometimes the OVAL can be generated from a template - we have a lot of templates in shared/templates. For examples, the OVAL checks that check whether a package is installed are generated from a template. If the template is available, it is enough to fill in data to a corresponding CSV file and OVAL will be generated. In the worst case the OVAL needs to be written from scratch. We have Jinja macros in shared/macros-oval.jinja that can generate some parts of OVAL code. If you're interested in contributing, the developer guide at https://github.com/ComplianceAsCode/content/blob/master/docs/manual/developer_guide.adoc is a good start.
Best regards On Fri, Aug 9, 2019 at 6:54 AM Tim Burress <t...@fedoraproject.org> wrote: > > As you know, I'm still learning my way around, so forgive me if this is lore > everybody already knows, but after upgrading to 0.1.45 I noticed that there > are, within the RHEL7 family, about 190 rules that come up as 'notchecked' > (including some new rules added in 0.1.45). As far as I have seen, the main > reason a rule gets that designation, as opposed to 'notapplicable' is when > there is no OVAL content available. Are these the kinds of things were a new > person might be able to contribute something or are these (as I suspect) > "works in progress" that someone is already dealing with? > > Thanks! > _______________________________________________ > scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org > To unsubscribe send an email to > scap-security-guide-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org -- Jan Černý Security Technologies | Red Hat, Inc. _______________________________________________ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
