Re: RHEL 7.4 oscap-anaconda - profile descriptions
On 8/3/17 2:53 PM, Shawn Wells wrote: > > > On 8/3/17 11:35 AM, Watson Yuuma Sato wrote: >> On 03/08/17 15:36, Watson Yuuma Sato wrote: >>> On 03/08/17 11:07, Marek Haicman wrote: On 08/03/2017 02:28 AM, Shawn Wells wrote: > Hey Guys > > Just downloaded the RHEL 7.4 installation media and attempted > to use the oscap-anaconda features. Selected "security" during the > installer, and noticed a few things: > > (1) The CUI/NIST 800-171 profile has the description from OSPP: > > > (2) There are multiple RHEL7 STIG options: > > > I'm not sure how/why this is happening. > > The 800-171 profile does extend OSPP. Do we need a "extends" for > the profile description field? > https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/nist-800-171-cui.xml > > > > > ___ > scap-security-guide mailing list -- > scap-security-guide@lists.fedorahosted.org > To unsubscribe send an email to > scap-security-guide-le...@lists.fedorahosted.org > Hey Shawn, ad (2) this is known issue https://bugzilla.redhat.com/show_bug.cgi?id=1437106 For (1) that description is the same that SCAP Workbench displays, and oscap generates from the guides (as can be seen http://static.open-scap.org/ssg-guides/ssg-rhel7-guide-index.html). Extend concatenates description of extended profile and the extending one. Is it a bug? >>> This is not a bug. >>> To replace extended description, extending description element >>> should have attribute override="true", like the title element has. >> Well, this is a bug if description of CUI/NIST 800-171 is not >> expected to be appended to description of OSPP Profile. > > IMHO it comes down to the profiles not including "override=true" in > the profile descriptions. > > Never knew they were needed. How come we didn't have this problem in > earlier editions of oscap-anaconda? The profiles don't seem to have > override=true in the description field, but in prior RHEL releases > things were OK. PR submitted: https://github.com/OpenSCAP/scap-security-guide/pull/2203 ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
Re: RHEL 7.4 oscap-anaconda - profile descriptions
On 8/3/17 11:35 AM, Watson Yuuma Sato wrote: > On 03/08/17 15:36, Watson Yuuma Sato wrote: >> On 03/08/17 11:07, Marek Haicman wrote: >>> On 08/03/2017 02:28 AM, Shawn Wells wrote: Hey Guys Just downloaded the RHEL 7.4 installation media and attempted to use the oscap-anaconda features. Selected "security" during the installer, and noticed a few things: (1) The CUI/NIST 800-171 profile has the description from OSPP: (2) There are multiple RHEL7 STIG options: I'm not sure how/why this is happening. The 800-171 profile does extend OSPP. Do we need a "extends" for the profile description field? https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/nist-800-171-cui.xml ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org >>> Hey Shawn, >>> ad (2) this is known issue >>> https://bugzilla.redhat.com/show_bug.cgi?id=1437106 >>> >>> For (1) that description is the same that SCAP Workbench displays, >>> and oscap generates from the guides (as can be seen >>> http://static.open-scap.org/ssg-guides/ssg-rhel7-guide-index.html). >>> Extend concatenates description of extended profile and the >>> extending one. Is it a bug? >> This is not a bug. >> To replace extended description, extending description element should >> have attribute override="true", like the title element has. > Well, this is a bug if description of CUI/NIST 800-171 is not expected > to be appended to description of OSPP Profile. IMHO it comes down to the profiles not including "override=true" in the profile descriptions. Never knew they were needed. How come we didn't have this problem in earlier editions of oscap-anaconda? The profiles don't seem to have override=true in the description field, but in prior RHEL releases things were OK. -- Shawn Wells Chief Security Strategist North America Public Sector sh...@redhat.com | 443-534-0130 ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
Re: RHEL 7.4 oscap-anaconda - profile descriptions
On 03/08/17 15:36, Watson Yuuma Sato wrote: On 03/08/17 11:07, Marek Haicman wrote: On 08/03/2017 02:28 AM, Shawn Wells wrote: Hey Guys Just downloaded the RHEL 7.4 installation media and attempted to use the oscap-anaconda features. Selected "security" during the installer, and noticed a few things: (1) The CUI/NIST 800-171 profile has the description from OSPP: (2) There are multiple RHEL7 STIG options: I'm not sure how/why this is happening. The 800-171 profile does extend OSPP. Do we need a "extends" for the profile description field? https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/nist-800-171-cui.xml ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org Hey Shawn, ad (2) this is known issue https://bugzilla.redhat.com/show_bug.cgi?id=1437106 For (1) that description is the same that SCAP Workbench displays, and oscap generates from the guides (as can be seen http://static.open-scap.org/ssg-guides/ssg-rhel7-guide-index.html). Extend concatenates description of extended profile and the extending one. Is it a bug? This is not a bug. To replace extended description, extending description element should have attribute override="true", like the title element has. Well, this is a bug if description of CUI/NIST 800-171 is not expected to be appended to description of OSPP Profile. Marek ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org -- Watson Sato Security Technologies | Red Hat, Inc ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
Re: RHEL 7.4 oscap-anaconda - profile descriptions
On 03/08/17 11:07, Marek Haicman wrote: On 08/03/2017 02:28 AM, Shawn Wells wrote: Hey Guys Just downloaded the RHEL 7.4 installation media and attempted to use the oscap-anaconda features. Selected "security" during the installer, and noticed a few things: (1) The CUI/NIST 800-171 profile has the description from OSPP: (2) There are multiple RHEL7 STIG options: I'm not sure how/why this is happening. The 800-171 profile does extend OSPP. Do we need a "extends" for the profile description field? https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/nist-800-171-cui.xml ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org Hey Shawn, ad (2) this is known issue https://bugzilla.redhat.com/show_bug.cgi?id=1437106 For (1) that description is the same that SCAP Workbench displays, and oscap generates from the guides (as can be seen http://static.open-scap.org/ssg-guides/ssg-rhel7-guide-index.html). Extend concatenates description of extended profile and the extending one. Is it a bug? This is not a bug. To replace extended description, extending description element should have attribute override="true", like the title element has. Marek ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org -- Watson Sato Security Technologies | Red Hat, Inc ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org
Re: RHEL 7.4 oscap-anaconda - profile descriptions
On 08/03/2017 02:28 AM, Shawn Wells wrote: Hey Guys Just downloaded the RHEL 7.4 installation media and attempted to use the oscap-anaconda features. Selected "security" during the installer, and noticed a few things: (1) The CUI/NIST 800-171 profile has the description from OSPP: (2) There are multiple RHEL7 STIG options: I'm not sure how/why this is happening. The 800-171 profile does extend OSPP. Do we need a "extends" for the profile description field? https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/nist-800-171-cui.xml ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org Hey Shawn, ad (2) this is known issue https://bugzilla.redhat.com/show_bug.cgi?id=1437106 For (1) that description is the same that SCAP Workbench displays, and oscap generates from the guides (as can be seen http://static.open-scap.org/ssg-guides/ssg-rhel7-guide-index.html). Extend concatenates description of extended profile and the extending one. Is it a bug? Marek ___ scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-le...@lists.fedorahosted.org