Sad face.
On Mon, Sep 16, 2013 at 10:35 PM, Shawn Wells <shawn(a)redhat.com> wrote:
On 9/16/13 10:31 PM, Jeffrey Blank wrote:
>
> Ah, this is an interesting point. I might be first interested in
> seeing generation of a kickstart %post script from the remediation
> content here, but this is definitely worth considering.
Backup copies of the files would be incredibly trivial to add.
As for KS file:
oscap xccdf eval --profile stig-rhel6-server \
--results /var/www/html/ssg-results/results.xml \
--report /var/www/html/ssg-results/report.html \
--cpe-dict ssg-rhel6-cpe-dictionary.xml \
ssg-rhel6-xccdf.xml ; \
oscap xccdf generate fix \
--result-id xccdf_org.open-scap_testresult_stig-rhel6-server \
/var/www/html/ssg-results/results.xml \
>/var/www/html/ssg-results/script.sh ; \
cat /var/www/html/ssg-results/script.sh
>
> Related: do we have a handle on how many changes are needed from a
> default RHEL installation?
~200
>
>
>
> On Mon, Sep 16, 2013 at 7:41 AM, Leam Hall<leamhall(a)gmail.com> wrote:
>>
>> >Shawn,
>> >
>> >One of the things I'm doing with Aqueduct is ensuring that we make
>> > backup
>> >copies of files. This is something my user base has strongly requested
>> > and
>> >their concerns are valid; if we run a fix tool with hundreds of changes,
>> > and
>> >the server looses functionality, being able to quickly see what was
>> > changed
>> >and fix/revert becomes critical.
>> >
>> >Leam
--
Shawn Wells
Director, Innovation Programs
shawn(a)redhat.com | 443.534.0130
@shawndwells
_______________________________________________
scap-security-guide mailing list
scap-security-guide(a)lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide