RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1234268 - [RFE] Guide for developing SCAP contents
Summary: [RFE] Guide for developing SCAP contents
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: scap-workbench
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: pre-dev-freeze
: ---
Assignee: Martin Preisler
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 260381
TreeView+ depends on / blocked
 
Reported: 2015-06-22 08:52 UTC by David Juran
Modified: 2018-10-31 13:53 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-10-31 13:53:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description David Juran 2015-06-22 08:52:50 UTC 
We have a guide on how to use SCAP together with Satellite 6 but since every customer has his own security policy, it would be really useful if we had a Red Hat sanctioned guide on how to encode ones security policy into SCAP content.
Comment 1 RHEL Program Management 2015-06-22 09:12:32 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 3 Shawn Wells 2015-06-24 18:02:01 UTC 
Authoring a guide to writing SCAP content would be akin to authoring a guide to writing C++ code. It's a bit out of scope for Red Hat. Such material can be bought on Amazon (e.g. http://www.amazon.com/Security-Automation-Essentials-Streamlined-Enterprise/dp/0071772510/ref=sr_1_3?ie=UTF8&qid=1435168817&sr=8-3&keywords=scap).

With that said, perhaps this BugZilla could pivot to create documentation on "Using SCAP Workbench to Create Custom Security Configuration Baselines." With SCAP Workbench now shipping in RHEL7, this seems much more in scope and useful.
Comment 4 David O'Brien 2015-06-24 23:26:47 UTC 
(In reply to Shawn Wells from comment #3)
> Authoring a guide to writing SCAP content would be akin to authoring a guide
> to writing C++ code. It's a bit out of scope for Red Hat. Such material can
> be bought on Amazon (e.g.
> http://www.amazon.com/Security-Automation-Essentials-Streamlined-Enterprise/
> dp/0071772510/ref=sr_1_3?ie=UTF8&qid=1435168817&sr=8-3&keywords=scap).
> 
> With that said, perhaps this BugZilla could pivot to create documentation on
> "Using SCAP Workbench to Create Custom Security Configuration Baselines."
> With SCAP Workbench now shipping in RHEL7, this seems much more in scope and
> useful.

Disclaimer: I don't know much about SCAP.

I do, however, completely agree with this sentiment. Our documentation resources are spread so thin we can't properly cover what's expected of us; we don't need to branch out into writing books of this nature when there are already suitable works available.

I think we should be focusing on what our customers are doing or want to do with our products, and writing content that helps them to achieve that. 
1. Here is the task. 
2. Here is the tool for the job. 
3. This is how you use 2. to achieve 1.
Comment 5 David Juran 2015-06-30 12:49:20 UTC 
Sounds all very reasonable to me.
Comment 6 Shawn Wells 2015-07-01 17:59:13 UTC 
Reassigning BZ to the SCAP Workbench queue, since the goal is to author documentation on using Workbench to tailor SCAP content that's shipping natively in RHEL.

(this also adds Martin Priesler, the maintainer of SCAP Workbench, into the conversation)
Comment 8 Martin Preisler 2015-07-09 17:28:55 UTC 
We can use the existing SCAP Workbench User Manual as source material for this documentation, see https://fedorahosted.org/scap-workbench/raw-attachment/wiki/UserManual/user_manual.html

I'd appreciate any feedback about what's missing in the manual.
Comment 9 Marek Haicman 2016-05-03 09:34:56 UTC 
Hello Martin,
I would welcome explicit section in SCAP Workbench manual [or anywhere on open-scap.org portal] describing how to introduce new rules [even by frankensteining rules present in content]. Basically what to do, when I have custom system, and want to use openscap for my own purposes.

Because right now, the information about this scenario is simply not there. [even the information that you have to do it either by hand, or via SCE engine, or cannot do it at all].
Comment 10 Shawn Wells 2018-08-20 15:57:40 UTC 
This BZ has been kicked down the road for multiple years and is just embarrassing at this point. Suggest closing as WONTFIX. 

Refer to comment #3.

With the endless backlog that exists today, having this linger for multiple more years is not useful to anyone.
Note You need to log in before you can comment on or make changes to this bug.