On 8/3/17 11:35 AM, Watson Yuuma Sato
wrote:
On
03/08/17 15:36, Watson Yuuma Sato wrote:
On 03/08/17 11:07,
Marek Haicman wrote:
On 08/03/2017
02:28 AM, Shawn Wells wrote:
Hey Guys
Just downloaded the RHEL 7.4 installation media and
attempted to use the oscap-anaconda features. Selected
"security" during the installer, and noticed a few things:
(1) The CUI/NIST 800-171 profile has the description from
OSPP:
(2) There are multiple RHEL7 STIG options:
I'm not sure how/why this is happening.
The 800-171 profile does extend OSPP. Do we need a "extends"
for the profile description field?
https://github.com/OpenSCAP/scap-security-guide/blob/master/RHEL/7/input/profiles/nist-800-171-cui.xml
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
Hey Shawn,
ad (2) this is known issue https://bugzilla.redhat.com/show_bug.cgi?id=1437106
For (1) that description is the same that SCAP Workbench
displays, and oscap generates from the guides (as can be seen
http://static.open-scap.org/ssg-guides/ssg-rhel7-guide-index.html).
Extend concatenates description of extended profile and the
extending one. Is it a bug?
This is not a bug.
To replace extended description, extending description element
should have attribute override="true", like the title element
has.
Well, this is a bug if description of CUI/NIST 800-171 is not
expected to be appended to description of OSPP Profile.
IMHO it comes down to the profiles not including "override=true" in
the profile descriptions.
Never knew they were needed. How come we didn't have this problem in
earlier editions of oscap-anaconda? The profiles don't seem to have
override=true in the description field, but in prior RHEL releases
things were OK.
--
Shawn Wells
Chief Security Strategist
North America Public Sector
shawn@redhat.com | 443-534-0130