----- Original Message -----
From: "Greg Elin" <gregelin(a)gitmachines.com>
To: "SCAP Security Guide" <scap-security-guide(a)lists.fedorahosted.org>
Sent: Tuesday, September 2, 2014 8:23:30 PM
Subject: Re: Best ways to say this system is not compliant
I would always highlight with a bright green that all rules pass and not
use any coloring for a failing system. Getting everything green is an
achievement. Anything else is just typical rather than failing.
So. For 100% passing (pseudo code):
<green>
Target device "my-server" is passing 223 of 223 rules defined in profile
"usgcb-rhel6-server"!
</green>
And for less than 100% passing (pseudo code):
<light gray background>
Target device "my-server" is passing 166 of 223 rules defined in profile
"usgcb-rhel6-server"!
Results show "my-server" failing <green>0 high severity rules</green>,
16 medium severity rules, and 31 low severity rules of the profile. Also,
there were 10 rules indicating a known checking engine "error" or an
"unknown" problem.
</light gray background>
No, just no. I am drawing the line right there.
Other thoughts:
- It would be nice if the text block was easy to copy and paste to share
with someone. Which also makes me wonder if a unique report ID can be
generated somehow to link back to this report.
Sure, but openscap is too low-level for this feature. We have plans for
features like that in various SCAP integrations - cockpit, satellite 6, ...
--
Martin Preisler