Hi Tim,
You're correct, the rules that are evaluated as "notchecked" when
don't have any OVAL check available. It's usually because the rule
description has been created but OVAL hasn't been developed yet. Some
of the rules are "work in progress" (see opened PRs). Any
contributions are welcome :-) The complexity of developing an OVAL
check is individual. Sometimes the OVAL check exists in the repository
but it isn't marked as applicable to RHEL 7. In that case it's just
about adding a platform element in the OVAL, which is a one line
change. Sometimes the OVAL can be generated from a template - we have
a lot of templates in shared/templates. For examples, the OVAL checks
that check whether a package is installed are generated from a
template. If the template is available, it is enough to fill in data
to a corresponding CSV file and OVAL will be generated. In the worst
case the OVAL needs to be written from scratch. We have Jinja macros
in shared/macros-oval.jinja that can generate some parts of OVAL code.
If you're interested in contributing, the developer guide at
https://github.com/ComplianceAsCode/content/blob/master/docs/manual/devel...
is a good start.
Best regards
On Fri, Aug 9, 2019 at 6:54 AM Tim Burress <taj(a)fedoraproject.org> wrote:
As you know, I'm still learning my way around, so forgive me if this is lore
everybody already knows, but after upgrading to 0.1.45 I noticed that there are, within
the RHEL7 family, about 190 rules that come up as 'notchecked' (including some new
rules added in 0.1.45). As far as I have seen, the main reason a rule gets that
designation, as opposed to 'notapplicable' is when there is no OVAL content
available. Are these the kinds of things were a new person might be able to contribute
something or are these (as I suspect) "works in progress" that someone is
already dealing with?
Thanks!
_______________________________________________
scap-security-guide mailing list -- scap-security-guide(a)lists.fedorahosted.org
To unsubscribe send an email to scap-security-guide-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fe...
--
Jan Černý
Security Technologies | Red Hat, Inc.