Hello,
as far as I know, SSG content currently does not support SCE checks. Our
users seem to prefer standardized check language, in this case OVAL.
However, SCE engine can be installed as part of Openscap scanner. So if
you manage to create a datastream which contains SCE checks, you can use
Openscap to scan your systems.
If there is a need, I believe there could be implemented a change into
build system which would allow to include SCE checks into the resulting
datastream.
At the same time I think that there is a low chance of including such
checks into upstream project. So you would probably have to create a
fork and develop your SCE checks there.
Does that help?
Best regards,
Vojta
Dne 31. 07. 20 v 21:35 N B napsal(a):
Could anyone speak to SSG support for check content written for SCE
(vs. OVAL)? The developer's guide (section 7 intro) implies XCCDF check content is
not required to be in OVAL, but in fleshing out support for checks later in that section
it's hard to see how anything but shorthand OVAL could be supported. If not SCE
directly, might it be possible to somehow use raw XCCDF snippets to incorporate SCE check
content?
I'm on the hook to support some custom content for an internal need, and have found
OVAL to be a bit inflexible (unless I want to propose extensions to OVAL itself which is a
bit beyond the scope I can take on at the moment). One example is retrieving additional
metadata from an RPM beyond what OVAL's rpminfo supports.
Admittedly, since my effort is internal, I'm misusing SSG in the sense that I
wouldn't be contributing the custom content back to the SSG repo. SSG still offers an
excellent framework for my isolated situation though, except that without support for
non-OVAL checks, I'm not sure if I can author the content i need with it.
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fe...