Feature #14158
closed
Tailoring file support
Description
Would it be possible to reference a tailoring file in the config so something like this could be run?
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_rht-ccp_tailored --tailoring-file tailored-rhel6.xml
This puppet module could be changed to deliver the tailoring file and to make it different based on OS/hostgroup, etc https://github.com/theforeman/puppet-foreman_scap_client
One option would be to have a second parameter for foreman_scap_client that was 'custom options' ($2 below) that would let one pass any oscap options to the command such as --tailoring-file or anything else.
oscap xccdf eval --profile $1 $2
Updated by Marek Hulán over 7 years ago
- Project changed from 36 to OpenSCAP
- Triaged set to No
Updated by Marek Hulán over 7 years ago
- Subject changed from tailoring file to Tailoring file support
- Target version set to 115
I think we could allow uploading tailoring files to Foreman and then allowing to select uploaded tailoring file on policy level. Since policies are normally applied per host group this should be enough. If different OSes needs different tailoring files, this would mean also different policies per OS but I think also XCCDF profiles are usually different for different OSes.
More technical things - tailoring file would have to be stored on OpenSCAP enabled proxy, foreman_scap_client would have to be able to detect it needs to download it from there. Therefore puppet module and ENC would require one more parameter - tailoring file.
Updated by Marek Hulán over 7 years ago
- Target version changed from 115 to 1.4.4
Updated by Ondřej Pražák over 7 years ago
- Status changed from New to Assigned
- Assignee set to Ondřej Pražák
Updated by The Foreman Bot over 7 years ago
- Status changed from Assigned to Ready For Testing
- Pull request https://github.com/theforeman/smart_proxy_openscap/pull/39 added
Updated by The Foreman Bot over 7 years ago
- Pull request https://github.com/theforeman/foreman_openscap/pull/225 added
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.4.4 to 1.10.1
Updated by The Foreman Bot over 7 years ago
- Pull request https://github.com/theforeman/foreman_openscap/pull/231 added
Updated by Marek Hulán over 7 years ago
- Target version changed from 1.10.1 to 1.10.2
Updated by Marek Hulán over 7 years ago
- Pull request deleted (
https://github.com/theforeman/foreman_openscap/pull/231)
Updated by Marek Hulán over 7 years ago
- Pull request https://github.com/theforeman/puppet-foreman_scap_client/pull/31 added
Updated by Marek Hulán over 7 years ago
- Pull request https://github.com/theforeman/foreman_scap_client/pull/18 added
Updated by Marek Hulán over 7 years ago
- translation missing: en.field_release set to 200
Updated by Ondřej Pražák over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset foreman_openscap|7ce8992c7e5024bb585fe06d98d611fd08f8dfa3.
Updated by Marek Hulán about 7 years ago
- Status changed from Closed to Ready For Testing
- Target version changed from 1.10.2 to 1.11.4
- Pull request https://github.com/theforeman/foreman_scap_client/pull/19 added
foreman_scap_client version supporting this 0.3.0
Updated by Marek Hulán about 7 years ago
- Target version changed from 1.11.4 to 1.12.1
Updated by Marek Hulán about 7 years ago
- Status changed from Ready For Testing to Closed
smart_proxy_openscap 0.6.1
hammer_cli_foreman_openscap 0.1.3