Re: [Open-scap] OpenSCAP for embedded/network devices
On 15/03/17 17:24, Eric Holtzclaw wrote: You do have support for Cisco http://www.cisco.com/c/en/us/about/security-center/oval-security-automation.html I see that Cisco provides OVAL content to scan their devices, and even provides an example of how to do so, but using joval, which can perform remote scanning without installation of any agent. I still don't see how to scan Cisco devices with OpenSCAP. Am I missing something? -- Watson Sato Security Technologies | Red Hat, Inc ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
[Open-scap] customizing remediation
I am missing something when it comes to generating a customized fix script. 1. In SCAP Workbench I deselect rules I do not want. 2. I save the customization file. 3. When I scan with the customization file, it still reports evaluation results on *some* of the rules I deselected. 4. When I create the remediation script, with oscap xccdf generate fix, it generates a fix for the rules mentioned in 3. This is the command I run oscap xccdf generate fix --template urn:xccdf:fix:script:sh --profile xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream --output my-remediation-script.sh /usr/share/xml/scap/ssg/content/ssg-rhel7-ds-tailoring.xml i.e., using the tailored xccdf file. What am I missing? Thanks, Greg Silverman Veritas Technologies ___ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list