|
Packit |
517ee8 |
.TH autotailor "8" "April 2020" "Red Hat, Inc." "System Administration Utilities"
|
|
Packit |
517ee8 |
.SH NAME
|
|
Packit |
517ee8 |
autotailor \- CLI tool for tailoring of SCAP datastreams.
|
|
Packit |
517ee8 |
.SH DESCRIPTION
|
|
Packit |
517ee8 |
autotailor produces tailoring files that SCAP-compliant scanners can use to complement SCAP datastreams.
|
|
Packit |
517ee8 |
A tailoring file adds a new profile, which is supposed to extend a profile that is already present in the datastream.
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
Tailoring can add or remove rules, and it can redefine contents of XCCDF variables.
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
The tool requires datastream location and ID of the base profile as inputs.
|
|
Packit |
517ee8 |
Note however, that the referenced datastream is not opened, and the validity of tailoring is not checked against it.
|
|
Packit |
517ee8 |
The tool doesn't prevent you from extending non-existent profiles, selecting non-existent rules, and so on.
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
.SH USAGE
|
|
Packit |
517ee8 |
.SS Modify a variable value
|
|
Packit |
517ee8 |
$ autotailor --var-value xccdf_org.ssgproject.content_value_var_screensaver_lock_delay=120 -o tailoring.xml ssg-rhel8-ds.xml xccdf_org.ssgproject.content_profile_pci_dss
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
The utility allows you to specify the ID namespace using the --namespace-id option, so you don't have to repeat the xccdf_org.ssgproject.content_... prefix everywhere.
|
|
Packit |
517ee8 |
The default namespace ID is actually org.ssgproject.content, so the following invocations are equivalent to the first one:
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
$ autotailor --var-value var_screensaver_lock_delay=120 --namespace-id org.ssgproject.content -o tailoring.xml ssg-rhel8-ds.xml pci_dss
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
$ autotailor --var-value var_screensaver_lock_delay=120 -o tailoring.xml ssg-rhel8-ds.xml pci_dss
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
The tailoring tailoring_file defines a new profile, xccdf_org.ssgproject.content_profile_pci_dss_customized, which alters the screensaver lock delay.
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
.SS Perform more modifications
|
|
Packit |
517ee8 |
$ autotailor --var-value var_screensaver_lock_delay=120 --select gconf_gnome_screensaver_idle_delay --var-value inactivity_timeout_value=600 ssg-rhel8-ds.xml pci_dss
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
Use the --help option to learn about other options and their usage.
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
.SH REPORTING BUGS
|
|
Packit |
517ee8 |
.nf
|
|
Packit |
517ee8 |
Please report bugs using https://github.com/OpenSCAP/openscap/issues
|
|
Packit |
517ee8 |
|
|
Packit |
517ee8 |
.SH AUTHORS
|
|
Packit |
517ee8 |
.nf
|
|
Packit |
517ee8 |
Matěj Týč <matyc@redhat.com>
|
|
Packit |
517ee8 |
.fi
|