diff --git a/dist/bash_completion.d/oscap b/dist/bash_completion.d/oscap index 8627e851c6..b0b8952deb 100644 --- a/dist/bash_completion.d/oscap +++ b/dist/bash_completion.d/oscap @@ -35,9 +35,9 @@ function _oscap { opts[oscap:xccdf:remediate]="--result-id --skip-validation --fetch-remote-resources --local-files --results --results-arf --report --oval-results --export-variables --cpe --check-engine-results --progress --progress-full" opts[oscap:xccdf:resolve]="-o --output -f --force" opts[oscap:xccdf:generate]="--profile" - opts[oscap:xccdf:generate:report]="-o --output --result-id --profile --oval-template --sce-template" + opts[oscap:xccdf:generate:report]="-o --output --result-id --profile" opts[oscap:xccdf:generate:guide]="-o --output --hide-profile-info --profile --benchmark-id --xccdf-id --tailoring-file --tailoring-id --skip-signature-validation --enforce-signature" - opts[oscap:xccdf:generate:fix]="-o --output --template --profile --result-id --profile --fix-type --xccdf-id --benchmark-id --tailoring-file --tailoring-id --skip-signature-validation --enforce-signature" + opts[oscap:xccdf:generate:fix]="-o --output --profile --result-id --profile --fix-type --xccdf-id --benchmark-id --tailoring-file --tailoring-id --skip-signature-validation --enforce-signature" opts[oscap:xccdf:generate:custom]="-o --output --stylesheet" opts[oscap:info]="--fetch-remote-resources --local-files --profile --profiles" @@ -66,7 +66,7 @@ function _oscap { local cmd=${modpath##*:} case "$prev" in - --results|-o|--output|--template|--oval-template) _filedir 'xml.bz2|xml' ;; + --results|-o|--output) _filedir 'xml.bz2|xml' ;; --report) _filedir 'html' ;; esac diff --git a/tests/API/XCCDF/applicability/test_report_anaconda_fixes.sh b/tests/API/XCCDF/applicability/test_report_anaconda_fixes.sh index 3d555371d4..6afa057cf7 100755 --- a/tests/API/XCCDF/applicability/test_report_anaconda_fixes.sh +++ b/tests/API/XCCDF/applicability/test_report_anaconda_fixes.sh @@ -14,7 +14,7 @@ line1='^\W*part /tmp$' line2='^\W*part /tmp --mountoptions=nodev$' line3='^\W*passwd --minlen=14$' -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr [ -f $stderr ]; [ ! -s $stderr ] grep "$line1" $result @@ -22,7 +22,7 @@ grep "$line2" $result grep "$line3" $result && false :> $result -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --profile xccdf_moc.elpmaxe.www_profile_1 \ --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr [ -f $stderr ]; [ ! -s $stderr ] @@ -31,7 +31,7 @@ grep "$line2" $result grep "$line3" $result :> $result -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --cpe $srcdir/cpe-dict.xml \ --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr [ -f $stderr ]; [ ! -s $stderr ] @@ -46,7 +46,7 @@ rm $result result=./${name}.out [ -f $result ] && rm $result -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --cpe $srcdir/cpe-dict.xml \ --profile xccdf_moc.elpmaxe.www_profile_1 \ --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr diff --git a/tests/API/XCCDF/unittests/test_fix_arf.sh b/tests/API/XCCDF/unittests/test_fix_arf.sh index f657c6e08b..679c7791ea 100755 --- a/tests/API/XCCDF/unittests/test_fix_arf.sh +++ b/tests/API/XCCDF/unittests/test_fix_arf.sh @@ -10,7 +10,6 @@ profile="xccdf_moc.elpmaxe.www_profile_standard" result_id="xccdf_org.open-scap_testresult_xccdf_moc.elpmaxe.www_profile_standard" bash_line1="echo this_is_ok" bash_line2="echo fix_me_please" -ansible_template="urn:xccdf:fix:script:ansible" ansible_task1a="\- name: ensure everything passes" ansible_task1b="shell: /bin/true" ansible_task2a="\- name: correct the failing case" @@ -40,7 +39,7 @@ grep -q "$bash_line1" $script grep -q "$bash_line2" $script # Generate an Ansible playbook from a profile in ARF file -$OSCAP xccdf generate fix --profile $profile --template $ansible_template $results_arf | grep -Ev $regex >$playbook 2>$stderr +$OSCAP xccdf generate fix --profile $profile --fix-type ansible $results_arf | grep -Ev $regex >$playbook 2>$stderr diff -B $playbook $srcdir/$name.playbook1.yml [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr grep -q "$ansible_task1a" $playbook @@ -56,7 +55,7 @@ grep -q -v "$bash_line1" $script grep -q "$bash_line2" $script # Generate an Ansible playbook based on scan results stored in ARF file -$OSCAP xccdf generate fix --result-id $result_id --template $ansible_template $results_arf | grep -Ev $regex >$playbook 2>$stderr +$OSCAP xccdf generate fix --result-id $result_id --fix-type ansible $results_arf | grep -Ev $regex >$playbook 2>$stderr diff -B $playbook $srcdir/$name.playbook2.yml [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr grep -q -v "$ansible_task1a" $playbook diff --git a/tests/API/XCCDF/unittests/test_fix_filtering.sh b/tests/API/XCCDF/unittests/test_fix_filtering.sh index 93ef70e553..35995183cd 100755 --- a/tests/API/XCCDF/unittests/test_fix_filtering.sh +++ b/tests/API/XCCDF/unittests/test_fix_filtering.sh @@ -13,7 +13,7 @@ echo "Result file = $result" line1='^\W*part /var$' -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr [ -f $stderr ]; [ ! -s $stderr ]; :> $stderr grep "$line1" $result diff --git a/tests/API/XCCDF/unittests/test_fix_script_header.sh b/tests/API/XCCDF/unittests/test_fix_script_header.sh index c50c83565d..5df7fe258f 100755 --- a/tests/API/XCCDF/unittests/test_fix_script_header.sh +++ b/tests/API/XCCDF/unittests/test_fix_script_header.sh @@ -4,8 +4,6 @@ set -e set -o pipefail -ansible_template="urn:xccdf:fix:script:ansible" -bash_template="urn:xccdf:fix:script:sh" profile="xccdf_moc.elpmaxe.www_profile_standard" result_id="xccdf_org.open-scap_testresult_xccdf_moc.elpmaxe.www_profile_standard" title="Standard System Security Profile" @@ -56,7 +54,7 @@ grep "$profile_header5" $script grep "$profile_header6" $script # Generate a bash script based on scan results -$OSCAP xccdf generate fix --result-id $result_id --template $bash_template --output $script $results_arf >$stdout 2>$stderr +$OSCAP xccdf generate fix --result-id $result_id --fix-type bash --output $script $results_arf >$stdout 2>$stderr [ -f $stdout ]; [ ! -s $stdout ]; rm $stdout [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr grep "$result_header1a" $script @@ -66,7 +64,7 @@ grep "$result_header5" $script # Generate an Ansible playbook from an OpenSCAP profile -$OSCAP xccdf generate fix --profile $profile --template $ansible_template --output $playbook $srcdir/$name.xccdf.xml >$stdout 2>$stderr +$OSCAP xccdf generate fix --profile $profile --fix-type ansible --output $playbook $srcdir/$name.xccdf.xml >$stdout 2>$stderr [ -f $stdout ]; [ ! -s $stdout ]; rm $stdout [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr grep "$profile_header1b" $playbook @@ -77,7 +75,7 @@ grep "$profile_header5" $playbook grep "$profile_header6" $playbook # Generate an Ansible playbook based on scan results stored in ARF file -$OSCAP xccdf generate fix --result-id $result_id --template $ansible_template --output $playbook $results_arf >$stdout 2>$stderr +$OSCAP xccdf generate fix --result-id $result_id --fix-type ansible --output $playbook $results_arf >$stdout 2>$stderr [ -f $stdout ]; [ ! -s $stdout ]; rm $stdout [ -f $stderr ]; [ ! -s $stderr ]; rm $stderr grep "$result_header1b" $playbook diff --git a/tests/API/XCCDF/unittests/test_generate_fix_ansible_vars.sh b/tests/API/XCCDF/unittests/test_generate_fix_ansible_vars.sh index 50b55873c0..311b1ffaa0 100755 --- a/tests/API/XCCDF/unittests/test_generate_fix_ansible_vars.sh +++ b/tests/API/XCCDF/unittests/test_generate_fix_ansible_vars.sh @@ -6,7 +6,6 @@ set -o pipefail profile="xccdf_com.example.www_profile_test_ansible_vars" profile_tailored="xccdf_com.example.www_profile_test_ansible_vars_tailored" -ansible_template="urn:xccdf:fix:script:ansible" ds="test_generate_fix_ansible_vars_ds.xml" tailoring_file="test_generate_fix_ansible_vars_ds-tailoring.xml" golden="test_generate_fix_ansible_vars_golden.yml" @@ -18,7 +17,7 @@ name=$(basename $0 .sh) playbook=$(make_temp_file /tmp ${name}.yml) out=$(make_temp_file /tmp ${name}.out) -$OSCAP xccdf generate fix --profile $profile --template $ansible_template \ +$OSCAP xccdf generate fix --profile $profile --fix-type ansible \ $srcdir/$ds >$playbook 2>$out [ -f $out ]; [ ! -s $out ]; :> $out [ -f $playbook ]; [ -s $playbook ] @@ -40,7 +39,7 @@ golden_altered_var=$(grep "$var:" $srcdir/$golden_altered | xsed "s|.*$var:[^0-9 [ "$generated_var" != "$golden_altered_var" ] # Generates Ansible playbook using tailoring file. -$OSCAP xccdf generate fix --template $ansible_template \ +$OSCAP xccdf generate fix --fix-type ansible \ --profile $profile_tailored --tailoring-file $srcdir/$tailoring_file \ $srcdir/$ds >$playbook 2>$out [ -f $out ]; [ ! -s $out ]; :> $out diff --git a/tests/API/XCCDF/unittests/test_report_anaconda_fixes.sh b/tests/API/XCCDF/unittests/test_report_anaconda_fixes.sh index b6ed35003d..77b6eb8a02 100755 --- a/tests/API/XCCDF/unittests/test_report_anaconda_fixes.sh +++ b/tests/API/XCCDF/unittests/test_report_anaconda_fixes.sh @@ -15,7 +15,7 @@ line1='^\W*part /tmp$' line2='^\W*part /tmp --mountoptions=nodev$' line3='^\W*passwd --minlen=14$' -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr [ -f $stderr ]; [ ! -s $stderr ]; :> $stderr grep "$line1" $result @@ -38,7 +38,7 @@ grep -v "$line1" $result | grep -v "$line2" | grep -v "$line3" :> $result -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --profile xccdf_moc.elpmaxe.www_profile_1 \ --output $result $srcdir/${name}.xccdf.xml 2>&1 > $stderr [ -f $stderr ]; [ ! -s $stderr ]; :> $stderr @@ -53,7 +53,7 @@ rm $result # And Now For Something Completely Different -- Tailoring: -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --tailoring-file $srcdir/${name}.tailoring.xml \ --profile xccdf_org.open-scap_profile_unselecting \ --output $result \ @@ -65,7 +65,7 @@ $OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ rm $result line4='^\W*passwd --minlen=8$' -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --tailoring-file $srcdir/${name}.tailoring.xml \ --profile xccdf_org.open-scap_profile_override \ --output $result \ diff --git a/tests/API/XCCDF/unittests/test_report_anaconda_fixes_ds.sh b/tests/API/XCCDF/unittests/test_report_anaconda_fixes_ds.sh index e9ef8fc3d2..132d854102 100755 --- a/tests/API/XCCDF/unittests/test_report_anaconda_fixes_ds.sh +++ b/tests/API/XCCDF/unittests/test_report_anaconda_fixes_ds.sh @@ -28,7 +28,7 @@ component_id=scap_org.open-scap_cref_test_report_anaconda_fixes.xccdf.xml $OSCAP info $sds | grep $datastream_id $OSCAP info $sds | grep $component_id -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --datastream-id $datastream_id --xccdf-id $component_id \ --output $result $sds 2>&1 > $stderr [ -f $stderr ]; [ ! -s $stderr ]; :> $stderr @@ -40,7 +40,7 @@ grep -v "$line1" $result | grep -v "$line2" | grep -v "$line3" :> $result -$OSCAP xccdf generate fix --template urn:redhat:anaconda:pre \ +$OSCAP xccdf generate fix --fix-type anaconda \ --profile xccdf_moc.elpmaxe.www_profile_1 \ --output $result $sds 2>&1 > $stderr [ -f $stderr ]; [ ! -s $stderr ]; :> $stderr diff --git a/utils/oscap-tool.h b/utils/oscap-tool.h index 9333b84e93..6e13bb7132 100644 --- a/utils/oscap-tool.h +++ b/utils/oscap-tool.h @@ -125,9 +125,7 @@ struct oscap_action { struct oscap_stringlist *rules; struct oscap_stringlist *skip_rules; char *format; - const char *tmpl; char *id; - char *oval_template; int hide_profile_info; char *stylesheet; char *tailoring_file; @@ -155,7 +153,6 @@ struct oscap_action { int without_sys_chars; int thin_results; int remediate; - char *sce_template; int check_engine_results; int export_variables; int list_dynamic; diff --git a/utils/oscap-xccdf.c b/utils/oscap-xccdf.c index 59337c16ac..852b3ef401 100644 --- a/utils/oscap-xccdf.c +++ b/utils/oscap-xccdf.c @@ -242,8 +242,7 @@ static struct oscap_module XCCDF_GEN_REPORT = { .help = GEN_OPTS "\nReport Options:\n" " --result-id - TestResult ID to be processed. Default is the most recent one.\n" - " --output - Write the document into file.\n" - " --oval-template - Template which will be used to obtain OVAL result files.\n", + " --output - Write the document into file.\n", .opt_parser = getopt_xccdf, .user = "xccdf-report.xsl", .func = app_xccdf_xslt @@ -285,7 +284,6 @@ static struct oscap_module XCCDF_GEN_FIX = { " blueprint (default: bash).\n" " --output - Write the script into file.\n" " --result-id - Fixes will be generated for failed rule-results of the specified TestResult.\n" - " --template - Fix template. (default: bash)\n" " --benchmark-id - ID of XCCDF Benchmark in some component in the data stream that should be used.\n" " (only applicable for source data streams)\n" " --xccdf-id - ID of component-ref with XCCDF in the data stream that should be evaluated.\n" @@ -943,43 +941,32 @@ int app_generate_fix(const struct oscap_action *action) { struct xccdf_session *session = NULL; struct ds_rds_session *arf_session = NULL; - const char *template = NULL; - - if (action->fix_type != NULL && action->tmpl != NULL) { - /* Avoid undefined situations, eg.: - * oscap xccdf generate fix --fix-type ansible --template urn:xccdf:fix:scipt:sh - */ - fprintf(stderr, - "Option '--fix-type' is mutually exclusive with '--template'.\n" - "Please provide only one of them.\n"); - return OSCAP_ERROR; - } else if (action->fix_type != NULL) { + const char *remediation_system = NULL; + + if (action->fix_type != NULL) { if (strcmp(action->fix_type, "bash") == 0) { - template = "urn:xccdf:fix:script:sh"; + remediation_system = "urn:xccdf:fix:script:sh"; } else if (strcmp(action->fix_type, "ansible") == 0) { - template = "urn:xccdf:fix:script:ansible"; + remediation_system = "urn:xccdf:fix:script:ansible"; } else if (strcmp(action->fix_type, "puppet") == 0) { - template = "urn:xccdf:fix:script:puppet"; + remediation_system = "urn:xccdf:fix:script:puppet"; } else if (strcmp(action->fix_type, "anaconda") == 0) { - template = "urn:redhat:anaconda:pre"; + remediation_system = "urn:redhat:anaconda:pre"; } else if (strcmp(action->fix_type, "ignition") == 0) { - template = "urn:xccdf:fix:script:ignition"; + remediation_system = "urn:xccdf:fix:script:ignition"; } else if (strcmp(action->fix_type, "kubernetes") == 0) { - template = "urn:xccdf:fix:script:kubernetes"; + remediation_system = "urn:xccdf:fix:script:kubernetes"; } else if (strcmp(action->fix_type, "blueprint") == 0) { - template = "urn:redhat:osbuild:blueprint"; + remediation_system = "urn:redhat:osbuild:blueprint"; } else { fprintf(stderr, "Unknown fix type '%s'.\n" - "Please provide one of: bash, ansible, puppet, anaconda, ignition, kubernetes, blueprint.\n" - "Or provide a custom template using '--template' instead.\n", + "Please provide one of: bash, ansible, puppet, anaconda, ignition, kubernetes, blueprint.\n", action->fix_type); return OSCAP_ERROR; } - } else if (action->tmpl != NULL) { - template = action->tmpl; } else { - template = "urn:xccdf:fix:script:sh"; + remediation_system = "urn:xccdf:fix:script:sh"; } int ret = OSCAP_ERROR; @@ -1046,7 +1033,7 @@ int app_generate_fix(const struct oscap_action *action) struct xccdf_policy *policy = xccdf_session_get_xccdf_policy(session); struct xccdf_result *result = xccdf_policy_get_result_by_id(policy, xccdf_session_get_result_id(session)); - if (xccdf_policy_generate_fix(policy, result, template, output_fd) == 0) + if (xccdf_policy_generate_fix(policy, result, remediation_system, output_fd) == 0) ret = OSCAP_OK; } else { // Fallback to profile if result id is missing /* Profile-oriented fixes */ @@ -1060,7 +1047,7 @@ int app_generate_fix(const struct oscap_action *action) } } struct xccdf_policy *policy = xccdf_session_get_xccdf_policy(session); - if (xccdf_policy_generate_fix(policy, NULL, template, output_fd) == 0) + if (xccdf_policy_generate_fix(policy, NULL, remediation_system, output_fd) == 0) ret = OSCAP_OK; } cleanup2: @@ -1125,20 +1112,20 @@ int app_generate_guide(const struct oscap_action *action) int app_xccdf_xslt(const struct oscap_action *action) { - const char *oval_template = action->oval_template; - const char *sce_template = action->sce_template; + const char *oval_template = NULL; + const char *sce_template = NULL; - if (action->module == &XCCDF_GEN_REPORT && (oval_template == NULL || sce_template == NULL)) { + if (action->module == &XCCDF_GEN_REPORT) { /* If generating the report and the option is missing -> use defaults */ struct oscap_source *xccdf_source = oscap_source_new_from_file(action->f_xccdf); /* We want to define default template because we strive to serve user the * best. However, we must not offer a template, if there is a risk it might * be incorrect. Otherwise, libxml2 will throw a lot of misleading messages * to stderr. */ - if (oval_template == NULL && _some_result_exists(xccdf_source, "http://oval.mitre.org/XMLSchema/oval-definitions-5")) { + if (_some_result_exists(xccdf_source, "http://oval.mitre.org/XMLSchema/oval-definitions-5")) { oval_template = "%.result.xml"; } - if (sce_template == NULL && _some_result_exists(xccdf_source, "http://open-scap.org/page/SCE")) { + if (_some_result_exists(xccdf_source, "http://open-scap.org/page/SCE")) { sce_template = "%.result.xml"; } oscap_source_free(xccdf_source); @@ -1152,7 +1139,6 @@ int app_xccdf_xslt(const struct oscap_action *action) "result-id", action->id, "benchmark_id", action->f_benchmark_id, "profile_id", action->profile, - "template", action->tmpl, "oval-template", oval_template, "sce-template", sce_template, "verbosity", "", @@ -1192,11 +1178,8 @@ enum oval_opt { XCCDF_OPT_RULE, XCCDF_OPT_SKIP_RULE, XCCDF_OPT_REPORT_FILE, - XCCDF_OPT_TEMPLATE, XCCDF_OPT_FORMAT, - XCCDF_OPT_OVAL_TEMPLATE, XCCDF_OPT_STYLESHEET_FILE, - XCCDF_OPT_SCE_TEMPLATE, XCCDF_OPT_FILE_VERSION, XCCDF_OPT_TAILORING_FILE, XCCDF_OPT_TAILORING_ID, @@ -1230,14 +1213,11 @@ bool getopt_xccdf(int argc, char **argv, struct oscap_action *action) {"skip-rule", required_argument, NULL, XCCDF_OPT_SKIP_RULE}, {"result-id", required_argument, NULL, XCCDF_OPT_RESULT_ID}, {"report", required_argument, NULL, XCCDF_OPT_REPORT_FILE}, - {"template", required_argument, NULL, XCCDF_OPT_TEMPLATE}, - {"oval-template", required_argument, NULL, XCCDF_OPT_OVAL_TEMPLATE}, {"stylesheet", required_argument, NULL, XCCDF_OPT_STYLESHEET_FILE}, {"tailoring-file", required_argument, NULL, XCCDF_OPT_TAILORING_FILE}, {"tailoring-id", required_argument, NULL, XCCDF_OPT_TAILORING_ID}, {"cpe", required_argument, NULL, XCCDF_OPT_CPE}, {"cpe-dict", required_argument, NULL, XCCDF_OPT_CPE_DICT}, // DEPRECATED! - {"sce-template", required_argument, NULL, XCCDF_OPT_SCE_TEMPLATE}, {"fix-type", required_argument, NULL, XCCDF_OPT_FIX_TYPE}, {"local-files", required_argument, NULL, XCCDF_OPT_LOCAL_FILES}, {"reference", required_argument, NULL, XCCDF_OPT_REFERENCE}, @@ -1281,8 +1261,6 @@ bool getopt_xccdf(int argc, char **argv, struct oscap_action *action) break; case XCCDF_OPT_RESULT_ID: action->id = optarg; break; case XCCDF_OPT_REPORT_FILE: action->f_report = optarg; break; - case XCCDF_OPT_TEMPLATE: action->tmpl = optarg; break; - case XCCDF_OPT_OVAL_TEMPLATE: action->oval_template = optarg; break; /* we use realpath to get an absolute path to given XSLT to prevent openscap from looking into /usr/share/openscap/xsl instead of CWD */ case XCCDF_OPT_STYLESHEET_FILE: oscap_realpath(optarg, custom_stylesheet_path); action->stylesheet = custom_stylesheet_path; break; @@ -1294,7 +1272,6 @@ bool getopt_xccdf(int argc, char **argv, struct oscap_action *action) fprintf(stdout, "Warning: --cpe-dict is a deprecated option. Please use --cpe instead!\n\n"); action->cpe = optarg; break; } - case XCCDF_OPT_SCE_TEMPLATE: action->sce_template = optarg; break; case XCCDF_OPT_FIX_TYPE: action->fix_type = optarg; break; diff --git a/utils/oscap.8 b/utils/oscap.8 index f135c2f859..ac5f76b941 100644 --- a/utils/oscap.8 +++ b/utils/oscap.8 @@ -408,12 +408,6 @@ Write the report to this file instead of standard output. .TP \fB\-\-result-id ID\fR ID of the XCCDF TestResult from which the report will be generated. -.TP -\fB\-\-oval-template \fItemplate-string\fR -To use the ability to include additional information from OVAL in xccdf result file, a template which will be used to obtain OVAL result file names has to be specified. The template can be either a filename or a string containing wildcard character (percent sign '%'). Wildcard will be replaced by the original OVAL definition file name as referenced from the XCCDF file. This way it is possible to obtain OVAL information even from XCCDF documents referencing several OVAL files. To use this option with results from an XCCDF evaluation, specify \fI%.result.xml\fR as a OVAL file name template. -.TP -\fB\-\-sce-template \fItemplate-string\fR -To use the ability to include additional information from SCE in XCCDF result file, a template which will be used to obtain SCE result file names has to be specified. The template can be either a filename or a string containing wildcard character (percent sign '%'). Wildcard will be replaced by the original SCE script file name as referenced from the XCCDF file. This way it is possible to obtain SCE information even from XCCDF documents referencing several SCE files. To use this option with results from an XCCDF evaluation, specify \fI%.result.xml\fR as a SCE file name template. .RE .TP .B \fBfix\fR [\fIoptions\fR] xccdf-file @@ -425,7 +419,7 @@ Result-oriented fixes are generated using result-id provided to select only the Profile-oriented fixes are generated using all rules within the provided profile. If no result-id/profile are provided, (default) profile will be used to generate fixes. .TP \fB\-\-fix-type TYPE\fR -Specify fix type. There are multiple programming languages in which the fix script can be generated. TYPE should be one of: bash, ansible, puppet, anaconda, ignition, kubernetes, blueprint. Default is bash. This option is mutually exclusive with --template, because fix type already determines the template URN. +Specify fix type. There are multiple programming languages in which the fix script can be generated. TYPE should be one of: bash, ansible, puppet, anaconda, ignition, kubernetes, blueprint. Default is bash. .TP \fB\-\-output FILE\fR Write the report to this file instead of standard output. @@ -433,9 +427,6 @@ Write the report to this file instead of standard output. \fB\-\-result-id \fIID\fR\fR Fixes will be generated for failed rule-results of the specified TestResult. .TP -\fB\-\-template \fIID|FILE\fR\fR -Template to be used to generate the script. If it contains a dot '.' it is interpreted as a location of a file with the template definition. Otherwise it identifies a template from standard set which currently includes: \fIbash\fR (default if no --template switch present). Brief explanation of the process of writing your own templates is in the XSL file \fIxsl/legacy-fix.xsl\fR in the openscap data directory. You can also take a look at the default template \fIxsl/legacy-fixtpl-bash.xml\fR. -.TP \fB\-\-xccdf-id ID\fR Takes component ref with given ID from checklists. This allows one to select a particular XCCDF component even in cases where there are multiple XCCDFs in a single data stream. If none is given, the first component from the checklists element is used. .TP