Getting a "diff" of two different OSCAP releases? #10509
Unanswered
PeterWhittaker
asked this question in
Q&A
Replies: 1 comment 1 reply
-
You are probably looking in a wrong direction, the |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Apologies if this is the wrong forum, I've been trying to determine the best place to pose this question, but haven't had much luck (the oscap anaconda add-on mailing list, e.g., has very little traffic and the last few Qs remain unanswered).
I am trying to get a "diff" of the commands that are executed as part of applying different releases of the
oscap-anaconda-addon
, specifically the STIGs applied inRHEL 7.9
and inAlmaLinux 9.1
. Context: We have a security appliance that was originally based on RedHat 7.9 and are migrating it to AlmaLinux 9.1. There has been a lot of "empirical discovery" so far as we run into configuration differences between the two platforms.Most of these we can resolve fairly readily, but the OSCAP differences are opaque, given that they are ultimately based on differences in the underlying
openscap
packages, which are complex.Ideally, I'd like to know what remediation commands are run by the add-on for each release. I'd be happy with some direction that would allow me to write a program that parses different versions of
openscap
using an appropriate "key" and returns the list of mitigation commands, which I could then compare.Any and all guidance will be warmly received! Thank you!
Beta Was this translation helpful? Give feedback.
All reactions