I don't quite follow. Is this a list of Rules for which no automated
checking is possible? Or is it a list of things whose remediation
cannot be automated?
(Essentially, will this be the set (or subset) of all Rules that cannot
be expressed in OVAL?) (Admittedly there are a few that may be
expressible in the SCE/scripts, but let us avoid that conversation for now.)
This is a big topic now. In transition_notes.xml, you will see a <note>
with a list of references from the RHEL 5 STIG which are policy/manual
checks; we are in the process of determining for the STIG profile (once
we understand fully what a STIG should be) whether these non-automatable
checks should be included.
On 08/13/2012 10:22 AM, Mike Palmiotto wrote:
Due to the need for handling Manual remediation of audits, I wanted
to
see if there was any interest in a Manual profile. We have one already
generated, and it helps establish a separation of content in remediation.
This should help address the OCIL void while it exists.
If there is any interest, I can submit a patch to the list. Otherwise,
we can carry a patch in CLIP.
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide