On 3/7/13 8:51 AM, Rodrian, Logan P (IS) wrote:
Has this always been the case that the CPE/Dictionary is needed for oscap execution? I ask because if this is a new feature, I will ping the SecState list about when they will be including the Dictionary as an argument to their program. Currently, secstate imports only an xccdf and will not work with the SSG v0.1-10....trying to resolve why this is.
Hey Logan, Sorry the messages were held up on the secstate list, I had to do some admin-approval thing; should be moving along. We can jump the specific follow-up over there shortly, but to hit the quick points in this thread: Last I checked the CPE stuff got auto-resolved by the backend OpenSCAP stuff that SecState was using. I know that we had content which would not work on CentOS by default because the CPE flags specified RHEL. I need to update to the latest OpenSCAP API and see if all of that still works, but with the versions you have I would not anticipate an issue.
If you do a 'secstate list -ar' it should show you all of your selections marked with [X], and nonselected content with [ ]. If everything is nonselected then you can use 'secstate select -r <benchmark-id> <rule/group-id>' to do recursive group selections.
- Francisco
Logan Rodrian