Set ODV values (and perhaps other things like excluded rules) non-interactively #374

Open
bernstei opened this issue Mar 8, 2024 · 1 comment

Comments

bernstei commented Mar 8, 2024

The only way I see in the documentation (https://github.com/usnistgov/macos_security/wiki/Tailoring#tailoring-a-benchmark) to set ODVs is interactive, running generate_baseline.py with -t. I think it would be useful if those could be set without having to do it interactively (e.g. set an env VAR rule_name_ODV=... or something, or maybe a yaml dict with rule names as keys and ODV values as values). I guess that also applies to everything else that script asks about, e.g. excluding rules.

@brodjieski
Collaborator

The process of selecting which rules are to be included and what values are to be used is a manual process and requires interaction. Once this process is complete, the generated documents and scripts include those values that were chosen during the testing and development of an org's baseline. The scripts that subsequently run include the values chosen at the time that the baseline was generated, and they are typically not changed during the course of operations.

We already have baselines with recommended values that are populated based on a chosen benchmark (housed within yaml files/dicts). If you'd like to customize those recommended values, then you could achieve a similar result to what you are describing. You can modify the yaml files, or create custom rules manually with the key/value pairs which will be picked up when you generate guidance. The generate_baseline.py script using -t just simplifies this process, but you can manually do that if you want.
