Hi Alex,

As a user, I couldn't figure out how to do this using command line arguments.

The code for the FIPS stripping is at https://github.com/ComplianceAsCode/content/blob/master/build-scripts/enable_derivatives.py#L98 and you may be able to figure out how to graft in some Python to do what you need from that.

That said, what is the benefit of stripping out everything else besides size?

Trevor

On Mon, Mar 11, 2019 at 9:57 AM Alexander Bergmann <abergmann@suse.com> wrote:
Hi everyone,

I'm currently checking if it is possible to strip down everything
unneeded from a generated XCCDF, OVAL or DS file or to include just the
needed rules and OVAL definitions for a certain profile during
generation.

For example:

When I generate the rhel7/sle12 output after running the cmake script,
all profiles are included inside the XCCDF and DS files.

Furthermore all OVAL definitions get included even if they are not part
of any listed profile. I understand that this are two pair shoes. I'm
just curious if there is a way to limit the OVAL output only to those
definitions that are actually needed for the defined profiles.

So, is it possible to limit the output generation to a single profile
and to limit the OVAL output as well?

This is interesting especially for the DS output where I want to have a
small file with all needed tests and definitions for just one profile.

Any hint or direction is appreciated. ;)


Regards,
Alex~

--
Alexander Bergmann <abergmann@suse.com>, Security Engineer, GPG:9FFA4886
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE4wplpA9QAGaytfYU3lTodZ/6SIYFAlyGaSkACgkQ3lTodZ/6
SIbBogf/TvJ4ACrIMST/0NPlWifg+ewJbVtbZveuxIy5eCu3ebLCKhbIRNJsmf5r
BnVOct2WaiEpJsbh2mKb0ntjQLEyIV1QY0e0GXjBbeItbddGGlwhEijmfCbAzF6k
q8EXCcnXWjb7guMXcibj0MitUgkIxHOi8dZ7ugvdbric07XV0KUZCZiMuo9RY5O5
mEm+GwmMwdDunzUuZ/+HxmSJP3YsK+AlTuGMTpl/TMq1jE/I578xnDoMUroE57LG
61x9+h7Rd1rVnlTuMkMLB58GWvYWI59HMNnYkqgXmM6/TFQM7tpDyM8Gk2x6ifLy
/lRURpYA6zldXlAenICWdGODDibtOg==
=wGuh
-----END PGP SIGNATURE-----
_______________________________________________
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org


--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --