Where can i find all the sce scripts to be included as part of a datastream file for oscap

[shreejitdureka]

Hello ,

I am using oscap tool to audit CentOS 7 using CIS provided xmls (xccdf, oval etc). After correcting the initial errors with the provided xml i am able to scan the system but some of the rule checks (~40) are reporting as 'notchecked'. I could see those require sce scripts to check. I was able to create couple of sample bash scripts using the audit procedure mentioned in the CIS benchmark against that particular rule and was able to successfully scan it and even include that as part of my final datastream file. But there are many more scripts that are needed. I wanted to know if this is the right approach or is there any place i could get all the latest sce scripts needed by the latest CIS xml benchmark ?

I am relatively new to openscap so any help would be highly appreciated. :-)

Thanks and Regards, Shreejit

[jan-cerny]

Hi, I think that this is a question that should be directed to CIS directly. If they aren't providing checks for some rules in their content then OpenSCAP can't supply some other checks instead; OpenSCAP is a mere interpreter of the given content.

[shreejitdureka]

Thank you !. I have created a ticket with CIS as well.