oracular (8) autotailor.8.gz

Provided by: openscap-utils_1.3.10+dfsg-3_amd64 bug

NAME

       autotailor - CLI tool for tailoring of SCAP data streams.

DESCRIPTION

       The  autotailor  tool  produces  tailoring  files  that SCAP-compliant scanners can use to
       complement SCAP data streams.  A tailoring file adds a new profile, which is  supposed  to
       extend a profile that is already present in the data stream.

       Tailoring  can  add,  remove  or  refine rules, and it also can redefine contents of XCCDF
       variables.

       The tool requires data stream location and  ID  of  the  base  profile  as  inputs.   Note
       however,  that  the referenced data stream is not opened, and the validity of tailoring is
       not checked against  it.   The  tool  doesn't  prevent  you  from  extending  non-existent
       profiles, selecting non-existent rules, and so on.

SYNOPSIS

       autotailor [OPTION...] DATASTREAM_FILE [BASE_PROFILE_ID]

OPTIONS

       --title TITLE
              Title of the new profile.

       --id-namespace ID_NAMESPACE
              The reverse-DNS style string that is part of entities IDs in the corresponding data
              stream. If left out, the default value 'org.ssgproject.content' is used.

       -v VAR=VALUE, --var-value VAR=VALUE
              Specify modification of the XCCDF value in  form  <varname>=<value>.  Name  of  the
              variable  can be either its full name, or the suffix, in which case the 'xccdf_<id-
              namespace>_value'  prefix  will  be  prepended  internally.  Specify  the  argument
              multiple times if needed.

       -v VAR=SELECTOR, --var-value VAR=SELECTOR
              Specify  refinement  of  the  XCCDF value in form <varname>=<selector>. Name of the
              variable can be either its full name, or the suffix, in which case the  'xccdf_<id-
              namespace>_value'  prefix  will  be  prepended  internally.  Specify  the  argument
              multiple times if needed.

       -r RULE=ROLE, --rule-role RULE=ROLE
              Specify refinement of the XCCDF rule role in form  <rule_id>=<role>.  Name  of  the
              rule  can  be  either  its  full name, or the suffix, in which case the 'xccdf_<id-
              namespace>_rule_' prefix will be prepended internally.  The value of <role> can  be
              one of full, unscored, unchecked. Specify the argument multiple times if needed.

       -e RULE=SEVERITY, --rule-severity RULE=SEVERITY
              Specify refinement of the XCCDF rule severity in form <rule_id>=<severity>. Name of
              the rule can be either its full name, or the suffix, in which case the  'xccdf_<id-
              namespace>_rule_'  prefix will be prepended internally. The value of <severity> can
              be one of unknown, info, low, medium, high. Specify the argument multiple times  if
              needed.

       -s RULE_ID, --select RULE_ID
              Specify  the rule to select. The rule ID can be either full, or just the suffix, in
              which case the 'xccdf_<id-namespace>_rule' prefix  will  be  prepended  internally.
              Specify the argument multiple times if needed.

       -u RULE_ID, --unselect RULE_ID
              Specify  the  rule  to  unselect.  The  argument works the same way as the --select
              argument.

       -p NEW_PROFILE_ID, --new-profile-id NEW_PROFILE_ID
              Specify the ID of the tailored profile. The ID of the new profile can be either its
              full  ID,  or  the suffix, in which case the 'xccdf_<id-namespace>_profile_' prefix
              will be prepended internally.  If  left  out,  the  new  ID  will  be  obtained  by
              appending '_customized' to the tailored profile ID.

       --json-tailoring JSON_TAILORING_FILE
              Import           tailoring           from           a           JSON           file
              (https://github.com/ComplianceAsCode/schemas/tree/main/tailoring).   This    option
              makes  BASE_PROFILE_ID  positional  argument optional.  However, data passed in the
              command  line  options  takes  precedence  over  JSON   contents,   including   the
              BASE_PROFILE_ID argument.

USAGE

   Modify a variable value
       $ autotailor --var-value xccdf_org.ssgproject.content_value_var_screensaver_lock_delay=120
       -o tailoring.xml ssg-rhel8-ds.xml xccdf_org.ssgproject.content_profile_pci_dss

       The utility allows you to specify the ID namespace using the --namespace-id option, so you
       don't  have to repeat the xccdf_org.ssgproject.content_... prefix everywhere.  The default
       namespace  ID  is  actually  org.ssgproject.content,  so  the  following  invocations  are
       equivalent to the first one:

       $      autotailor      --var-value      var_screensaver_lock_delay=120      --namespace-id
       org.ssgproject.content -o tailoring.xml ssg-rhel8-ds.xml pci_dss

       $ autotailor --var-value var_screensaver_lock_delay=120 -o tailoring.xml  ssg-rhel8-ds.xml
       pci_dss

       The        tailoring        tailoring_file        defines       a       new       profile,
       xccdf_org.ssgproject.content_profile_pci_dss_customized, which alters the screensaver lock
       delay.

   Perform more modifications
       $        autotailor        --var-value       var_screensaver_lock_delay=120       --select
       gconf_gnome_screensaver_idle_delay    --var-value    inactivity_timeout_value=600     ssg-
       rhel8-ds.xml pci_dss

   Import JSON tailoring
       $ autotailor ssg-rhel8-ds.xml --json-tailoring tailoring.json

REPORTING BUGS

       Please report bugs using https://github.com/OpenSCAP/openscap/issues

AUTHORS

       Matěj Týč <matyc@redhat.com>
       Jan Černý <jcerny@redhat.com>
       Evgenii Kolesnikov <ekolesni@redhat.com>