Has someone checked out the script in DISA's STIG Release? ->U_Red_Hat_Enterprise_Linux_7_V1R0-1_Manual_STIG/Test/stig_refs.sh I find the instructions alarming on how to use the script. It is to be placed in the RHEL 5 folder (scap-security-guide project) and run..... ....am I off in left field here? What happens during make rhel7-dist -> content? Is this where/how the DRAFT was created?
This was a script I created to facilitate in updating STIG references within SCAP content.
It was intended to address the challenge of keeping the SCAP content in alignment with current STIG content.
In general, the script parses through each STIG requirement in the STIG overlay file, finds the associated rule id, then updates the STIG overlay file and the rule id references with the following data from the STIG:
- Requirement Title - CCI - CCE - Severity - SVKey - VRelease - IA Controls
This helps reduce allot of the administrative overhead so that more focus can be directed to the actual content.
On Wed, 2016-02-17 at 14:14 +0000, Mike Kuhnkey wrote:
Has someone checked out the script in DISA's STIG Release? ->U_Red_Hat_Enterprise_Linux_7_V1R0-1_Manual_STIG/Test/stig_refs.sh I find the instructions alarming on how to use the script. It is to be placed in the RHEL 5 folder (scap-security-guide project) and run..... ....am I off in left field here? What happens during make rhel7-dist -> content? Is this where/how the DRAFT was created? -- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/scap-security-guide@lists.fedorah... https://github.com/OpenSCAP/scap-security-guide/
Is reference to RHEL-5 dated? I'm confused why the RHEL-5 reference in the script on the DRAFT RHEL-7 STIG?
On 02/17/2016 03:14 PM, Mike Kuhnkey wrote:
Has someone checked out the script in DISA's STIG Release? ->U_Red_Hat_Enterprise_Linux_7_V1R0-1_Manual_STIG/Test/stig_refs.sh I find the instructions alarming on how to use the script. It is to be placed in the RHEL 5 folder (scap-security-guide project) and run..... ....am I off in left field here? What happens during make rhel7-dist -> content? Is this where/how the DRAFT was created?
More exactly the script reads:
# Extract the xccdf file into the root project folder (i.e. RHEL\5),
I think we should replace "i.e." with "e.g." here. Given the script is no longer used exclusive for RHEL-5. Thoughts?
~š.
On 3/9/16 7:58 AM, Šimon Lukašík wrote:
On 02/17/2016 03:14 PM, Mike Kuhnkey wrote:
Has someone checked out the script in DISA's STIG Release? ->U_Red_Hat_Enterprise_Linux_7_V1R0-1_Manual_STIG/Test/stig_refs.sh I find the instructions alarming on how to use the script. It is to be placed in the RHEL 5 folder (scap-security-guide project) and run..... ....am I off in left field here? What happens during make rhel7-dist -> content? Is this where/how the DRAFT was created?
The PR that merged this was from Trey, almost a year ago: https://github.com/OpenSCAP/scap-security-guide/pull/452
IIRC, it's meant for content authoring, ensuring alignment between SSG and FSO XCCDF rules.
More exactly the script reads:
# Extract the xccdf file into the root project folder (i.e. RHEL\5),
I think we should replace "i.e." with "e.g." here. Given the script is no longer used exclusive for RHEL-5. Thoughts?
Makes sense.
scap-security-guide@lists.fedorahosted.org