Re: [Open-scap] Change an existing tailoring file with scap-workbench
Hello Mathias,

thanks for pointing this out! You are right, and it's actually perceivable even in the attached files in bugzilla. I have updated RHBZ with clarification, and created upstream issue. [1]

There's probably nothing more we can do on mailing list, so feel free to comment/watch bug more relevant to you :)

Regards,
Marek

[1] https://github.com/OpenSCAP/scap-workbench/issues/139

On 09/06/2017 01:09 PM, Mathias Münch wrote:
> Hi Marek,
>
> thank you for the answer. I am afraid it is worse than that, there are also rules added to the new file. See an example diff below.
>
> Shall I change the tracking to bugzilla or stay on the mailing list?
>
> Best regards,
>
> Mathias
>
> On 04.09.2017 at 16:10, Marek Haicman wrote:
>> Err, clicked reply instead of reply-all :)
>>
>> On 09/04/2017 03:36 PM, Marek Haicman wrote:
>>> On 09/03/2017 01:55 PM, Mathias Münch wrote:
>>>> Hello!
>>>>
>>>> When I create a tailoring file with the scap workbench (SCAP Workbench 1.1.5, compiled with Qt 4.8.7, using OpenSCAP 1.2.14) everything works fine for the original customization.
>>>>
>>>> Now when I load the tailoring file again into the workbench in order to change things (e.g. re-enable one rule) and save, then the "extends" attribute is gone from the Profile tag and lots of additional rules (that I did not touch) are added to the tailoring.
>>>>
>>>> Am I missing some point or is this expected behaviour?
>>>>
>>>> Best regards,
>>>>
>>>> Mathias
>>>>
>>>> ___
>>>> Open-scap-list mailing list
>>>> Open-scap-list@redhat.com
>>>> https://www.redhat.com/mailman/listinfo/open-scap-list
>>>
>>> Hello Mathias,
>>> thank you for the report! This issue has been already reported in RHBZ, https://bugzilla.redhat.com/show_bug.cgi?id=1454455 it's not expected behaviour. :) Please take a look at your reproducer, if only groups are newly added there. In that case, it SHOULD be harmless.
>>>
>>> Thanks!
>>> Marek
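
The check discussed in this message (did the re-save drop `extends`, and are the newly added selections only groups or also rules) can be scripted; the following is an added example, not code from the thread or from the OpenSCAP project. The two sample files are constructed: only the profile id and the two rule ids come from the thread, while the `extends` value, the group id and the tailoring id are assumptions.

```python
import re
import xml.etree.ElementTree as ET

def kind(idref):
    """Classify an XCCDF 1.2 style id as rule, group, value or other."""
    m = re.match(r"xccdf_[^_]+_(rule|group|value)_", idref)
    return m.group(1) if m else "other"

def profiles(xml_text):
    """Map Profile id -> (extends, {idref: selected}) for a tailoring document."""
    out = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "Profile":
            continue
        selects = {c.get("idref"): c.get("selected") for c in el
                   if c.tag.rsplit("}", 1)[-1] == "select" and c.get("idref")}
        out[el.get("id")] = (el.get("extends"), selects)
    return out

def compare_tailoring(before_xml, after_xml):
    """Report, per profile, what re-saving the tailoring file changed."""
    before, report = profiles(before_xml), {}
    for pid, (ext, sel) in profiles(after_xml).items():
        old_ext, old_sel = before.get(pid, (None, {}))
        added = sorted(set(sel) - set(old_sel))
        report[pid] = {
            "extends_lost": bool(old_ext) and not ext,
            "added_rules": [i for i in added if kind(i) == "rule"],
            "added_groups": [i for i in added if kind(i) == "group"],
            "flipped": {i: (old_sel[i], sel[i]) for i in sel
                        if i in old_sel and old_sel[i] != sel[i]},
        }
    return report

# Constructed sample input; extends value, group id and tailoring id are assumed.
XMLNS = 'xmlns="http://checklists.nist.gov/xccdf/1.2"'
PID = "xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream_customized"
RHOSTS = "xccdf_org.ssgproject.content_rule_sshd_disable_rhosts"
TELNET = "xccdf_org.ssgproject.content_rule_service_telnet_disabled"
GROUP = "xccdf_org.ssgproject.content_group_services"
BEFORE = f'''<Tailoring {XMLNS} id="example_tailoring">
<Profile id="{PID}" extends="xccdf_org.ssgproject.content_profile_example_base">
<select idref="{RHOSTS}" selected="false"/></Profile></Tailoring>'''
AFTER = f'''<Tailoring {XMLNS} id="example_tailoring"><Profile id="{PID}">
<select idref="{RHOSTS}" selected="true"/>
<select idref="{TELNET}" selected="true"/>
<select idref="{GROUP}" selected="true"/></Profile></Tailoring>'''

if __name__ == "__main__":
    for pid, result in compare_tailoring(BEFORE, AFTER).items():
        print(pid, result)
```

A non-empty `added_rules` list or `extends_lost` set to true means the re-saved file differs from the original tailoring in more than the one intended edit.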
Re: [Open-scap] Change an existing tailoring file with scap-workbench
Hi Marek,

thank you for the answer. I am afraid it is worse than that, there are also rules added to the new file. See an example diff below.

Shall I change the tracking to bugzilla or stay on the mailing list?

Best regards,

Mathias

On 04.09.2017 at 16:10, Marek Haicman wrote:
> Err, clicked reply instead of reply-all :)
>
> On 09/04/2017 03:36 PM, Marek Haicman wrote:
>> On 09/03/2017 01:55 PM, Mathias Münch wrote:
>>> Hello!
>>>
>>> When I create a tailoring file with the scap workbench (SCAP Workbench
>>> 1.1.5, compiled with Qt 4.8.7, using OpenSCAP 1.2.14) everything works
>>> fine for the original customization.
>>>
>>> Now when I load the tailoring file again into the workbench in order to
>>> change things (e.g. re-enable one rule) and save, then the "extends"
>>> attribute is gone from the Profile tag and lots of additional rules
>>> (that I did not touch) are added to the tailoring.
>>>
>>> Am I missing some point or is this expected behaviour?
>>>
>>> Best regards,
>>>
>>> Mathias
>>>
>>> ___
>>> Open-scap-list mailing list
>>> Open-scap-list@redhat.com
>>> https://www.redhat.com/mailman/listinfo/open-scap-list
>>>
>>
>> Hello Mathias,
>> thank you for the report! This issue has been already reported in
>> RHBZ, https://bugzilla.redhat.com/show_bug.cgi?id=1454455 it's not
>> expected behaviour. :) Please take a look at your reproducer, if only
>> groups are newly added there. In that case, it SHOULD be harmless.
>>
>> Thanks!
>> Marek > 5c5 < --- >id="xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream_customized"> 7a8,189 > idref="xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_require_singleuser_auth" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_disable_interactive_boot" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_debug-shell_disabled" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_source_route" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_chronyd_or_ntpd_enabled" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_chronyd_or_ntpd_specify_remote_server" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_wireless_disable_in_bios" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_wireless_disable_interfaces" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_bluetooth_disabled" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_telnet_disabled" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_package_telnet-server_removed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_package_telnet_removed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_package_rsh-server_removed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_rexec_disabled" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_rsh_disabled" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_package_rsh_removed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_rlogin_disabled" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_no_rsh_trust_files" selected="true"/> > idref="xccdf_org.ssgproject.content_rule_package_ypserv_removed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_ypbind_disabled" 
> selected="true"/> > idref="xccdf_org.ssgproject.content_rule_package_ypbind_removed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_package_talk-server_removed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_package_talk_removed" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_service_crond_enabled" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_sshd_disable_rhosts" > selected="true"/> > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_enable_selinux_bootloader" > selected="true"/> > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_selinux_policytype" selected="true"/> > idref="xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_gid_passwd_group_same" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_file_permissions_sshd_pub_key" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned" > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_no_files_unowned_by_user" > selected="true"/> > selected="true"/> > selected="true"/> > idref="xccdf_org.ssgproject.content_rule_sysctl_kernel_exec_shield" > selected="true"/> >
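
Review bot: in the 7a8,189 range every idref visible here is a content_rule_ identifier with selected="true", so the re-saved file adds rule selections and not only groups, and the replacement line in 5c5 shows just the id attribute on the customized profile. Before scanning with the re-saved file, compare it against the original tailoring and restore the original if any selection other than the one edited on purpose has appeared. Several selected="true" entries in this hunk have no idref in front of them in the archived text, so the list shown here is incomplete and the attached files in the bug report are the better reference.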