Hello,

as far as I know, SSG content currently does not support SCE checks. Our users seem to prefer a standardized check language, in this case OVAL.

However, the SCE engine can be installed as part of the OpenSCAP scanner. So if you manage to create a datastream which contains SCE checks, you can use OpenSCAP to scan your systems.

If there is a need, I believe a change could be implemented in the build system which would allow SCE checks to be included in the resulting datastream.

At the same time, I think that there is a low chance of including such checks in the upstream project. So you would probably have to create a fork and develop your SCE checks there.

Does that help?

Best regards,

Vojta


On 31. 07. 20 at 21:35, N B wrote:
Could anyone speak to SSG support for check content written for SCE (vs. OVAL)?
The developer's guide (section 7 intro) implies XCCDF check content is not
required to be in OVAL, but in fleshing out support for checks later in that 
section it's hard to see how anything but shorthand OVAL could be supported.  
If not SCE directly, might it be possible to somehow use raw XCCDF snippets to 
incorporate SCE check content?

I'm on the hook to support some custom content for an internal need, and have 
found OVAL to be a bit inflexible (unless I want to propose extensions to OVAL 
itself which is a bit beyond the scope I can take on at the moment).  One 
example is retrieving additional metadata from an RPM beyond what OVAL's 
rpminfo supports.

Admittedly, since my effort is internal, I'm misusing SSG in the sense that I 
wouldn't be contributing the custom content back to the SSG repo.  SSG still 
offers an excellent framework for my isolated situation though, except that 
without support for non-OVAL checks, I'm not sure if I can author the content I
need with it.
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org