Hello, I am quite new to this. I am trying to figure out how things work and how to use compliance as code. I am interested in STIG compliance.

As recommended, I ran the script called "create_stig_overlay.py". It created a new stig_overlay.xml file. The file is interesting as it provides the link between STIG rules and complianceascode rules. Is that correct?

I noticed the script creates a one-to-one relation between rules in STIG and rules in compliance as code. For instance, the first STIG rule: "The Red Hat Enterprise Linux operating system must be configured so that the file permissions, ownership, and group membership of system files and commands match the vendor values." It mentions ownership and permission. The STIG profile in complianceascode has both rpm_verify_ownership and rpm_verify_permissions. But the created overlay only maps to one of those rules... and not always the same one for the STIG rule above.

So my question: is this intended or is there an issue here? Or maybe I missed something else? If you have any comments to help me progress, I will be grateful.

Regards,
Marc

_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org
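An added example, not part of the original message or of the ComplianceAsCode project: one way to list profile rules that share a STIG item but are absent from the generated overlay, which is the situation described above. The overlay layout (`ruleid` for the project rule, `ownerid` for the STIG ID), the STIG IDs, and `example_rule_a` are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample overlay. Assumed layout: one <overlay> element per STIG
# item, "ownerid" = STIG ID (placeholders here), "ruleid" = project rule.
OVERLAY_XML = """<overlays>
  <overlay owner="disastig" ruleid="rpm_verify_permissions" ownerid="STIG-ID-0001"/>
  <overlay owner="disastig" ruleid="example_rule_a" ownerid="STIG-ID-0002"/>
</overlays>"""

# Constructed sample: rules selected by the profile and the STIG ID each one
# references. In a real check this would be collected from the rule metadata.
PROFILE_RULES = {
    "rpm_verify_permissions": "STIG-ID-0001",
    "rpm_verify_ownership": "STIG-ID-0001",
    "example_rule_a": "STIG-ID-0002",
}


def overlay_map(xml_text):
    """Return {stig_id: set of rule ids} as recorded in the overlay."""
    mapping = defaultdict(set)
    for el in ET.fromstring(xml_text).iter():
        # Ignore any XML namespace prefix on the tag name.
        if el.tag.rsplit("}", 1)[-1] == "overlay":
            mapping[el.get("ownerid")].add(el.get("ruleid"))
    return mapping


def unmapped_rules(xml_text, profile_rules):
    """Return {stig_id: [rules referencing it that the overlay omits]}."""
    mapped = overlay_map(xml_text)
    by_stig = defaultdict(set)
    for rule, stig_id in profile_rules.items():
        by_stig[stig_id].add(rule)
    gaps = {}
    for stig_id, rules in by_stig.items():
        missing = rules - mapped.get(stig_id, set())
        if missing:
            gaps[stig_id] = sorted(missing)
    return gaps


if __name__ == "__main__":
    for stig_id, rules in unmapped_rules(OVERLAY_XML, PROFILE_RULES).items():
        print(f"{stig_id}: not in overlay -> {', '.join(rules)}")
```
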