Comments (5)
dodys
commented on June 12, 2024
for firewall rules you will need to use a tailoring file to select the firewall you want. By default the profile is enabled for nftables only.
from content.
marcofortina
commented on June 12, 2024
for firewall rules you will need to use a tailoring file to select the firewall you want. By default the profile is enabled for nftables only.
Hello! Could you please explain as to use a tailoring file?
Thanks
from content.
dodys
commented on June 12, 2024
for firewall rules you will need to use a tailoring file to select the firewall you want. By default the profile is enabled for nftables only.
Hello! Could you please explain as to use a tailoring file?
Thanks
you can either use scap-workbench or use autotailor
for more information see: https://github.com/OpenSCAP/openscap/blob/main/docs/manual/manual.adoc#61-creating-tailoring-files
from content.
marcofortina
commented on June 12, 2024
for firewall rules you will need to use a tailoring file to select the firewall you want. By default the profile is enabled for nftables only.
Hello! Could you please explain as to use a tailoring file?
Thanksyou can either use scap-workbench or use autotailor for more information see: https://github.com/OpenSCAP/openscap/blob/main/docs/manual/manual.adoc#61-creating-tailoring-files
Could you please guide me to do this writing a step-by-step procedure for dummies?
Thanks
from content.
dodys
commented on June 12, 2024
for firewall rules you will need to use a tailoring file to select the firewall you want. By default the profile is enabled for nftables only.
Hello! Could you please explain as to use a tailoring file?
Thanksyou can either use scap-workbench or use autotailor for more information see: https://github.com/OpenSCAP/openscap/blob/main/docs/manual/manual.adoc#61-creating-tailoring-files
Could you please guide me to do this writing a step-by-step procedure for dummies?
Thanks
You will need to install openscap-utils in a newer release of ubuntu for that as the tool is only packaged in openscap 1.3.
Then you can:
$ autotailor --select package_ufw_installed --select service_nftables_disabled --select package_nftables_removed --unselect package_nftables_installed --unselect package_ufw_removed --output csl2.xml -p xccdf_org.ssgproject.content_profile_cis_level2_server_customized ssg-ubuntu2204-ds.xml xccdf_org.ssgproject.content_profile_cis_level2_server
That generates a csl2.xml file that you can use with oscap.
With that you can follow
https://github.com/OpenSCAP/openscap/blob/main/docs/manual/manual.adoc#using-tailoring-files
from content.
Related Issues (20)
- mount_option_boot_nosuid fails to remediate with Ansible HOT 6
- chronyd_or_ntpd_set_maxpoll is not remediated by Ansible HOT 2
- firewalld_sshd_port_enabled fails to remediate on aarch64 HOT 5
- accounts_umask_etc_bashrc is misaligned with RHEL 9 STIG HOT 4
- `audit_rules_networkconfig_modification_network_scripts` is broken in Automatus
- zipl_bootmap_is_up_to_date is failing after Ansible remediation HOT 2
- test scenarios for firewalld_sshd_port_enabled are failing on RHEL 8.6 HOT 4
- test scenario for service_bluetooth_disabled is not causing expected fail HOT 3
- Should files in /tmp be checked for permissions when using tmpfs?
- OpenSCAP Ubuntu 20.04 STIG Profile Issue with Banner Test HOT 2
- mount_option_nodev_nonroot_local_partitions reported as failing after scan of IB created image HOT 1
- Fedora Workstation 40 Remediations
- aide_use_fips_hashes fails after remediation HOT 1
- Failed on "Set SELinux boolean ssh_sysadm_login accordingly" HOT 2
- Automatus rule-based testing fails when no profile is specified HOT 2
- Multiple formats used in NIST 800-53 control ID references HOT 2
- Test scenarios fail for SCE-only rules if built without SCE HOT 1
- Playbook stops at TASK [Ensure NetworkManager is installed] HOT 2
- chronyd_or_ntpd_set_maxpoll fails after RHEL 7 STIG remediation HOT 2
- [Product Removal Request] RHEL7 HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from content.