diff --git a/src/XCCDF_POLICY/xccdf_policy_remediate.c b/src/XCCDF_POLICY/xccdf_policy_remediate.c index a270ad19f6..2be53679d5 100644 --- a/src/XCCDF_POLICY/xccdf_policy_remediate.c +++ b/src/XCCDF_POLICY/xccdf_policy_remediate.c @@ -1268,8 +1268,10 @@ static int _write_script_header_to_fd(struct xccdf_policy *policy, struct xccdf_ free(profile_description); const struct xccdf_version_info *xccdf_version = benchmark ? xccdf_benchmark_get_schema_version(benchmark) : NULL; + char *profile_id_banner = profile_id ? oscap_sprintf("# Profile ID: %s\n", profile_id) : strdup(""); const char *xccdf_version_name = xccdf_version ? xccdf_version_info_get_version(xccdf_version) : "Unknown"; char *tailoring_option = tailoring_file_name ? oscap_sprintf(" --tailoring-file %s", tailoring_file_name) : strdup(""); + char *profile_option = profile_id ? oscap_sprintf(" --profile %s", profile_id) : strdup(""); fix_header = oscap_sprintf( "%s" @@ -1280,13 +1282,13 @@ static int _write_script_header_to_fd(struct xccdf_policy *policy, struct xccdf_ "# Profile Description:\n" "# %s\n" "#\n" - "# Profile ID: %s\n" + "%s" "# Benchmark ID: %s\n" "# Benchmark Version: %s\n" "# XCCDF Version: %s\n" "#\n" "# This file was generated by OpenSCAP %s using:\n" - "# $ oscap xccdf generate fix%s --profile %s --fix-type %s %s\n" + "# $ oscap xccdf generate fix%s%s --fix-type %s %s\n" "#\n" "# This %s is generated from an OpenSCAP profile without preliminary evaluation.\n" "# It attempts to fix every selected rule, even if the system is already compliant.\n" 
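Review bot: `profile_id` is formatted unescaped into two comment lines of the generated header (`profile_id_banner` and `profile_option`), so a value containing a line break would end the `#` comment and the remainder would be emitted as script text in a file meant to be run with root privileges. Whether profile IDs are restricted to NCName-style characters before they reach `_write_script_header_to_fd` is not visible here; if they are not, add a guard such as `if (profile_id != NULL && strpbrk(profile_id, "\r\n") != NULL)` followed by the function's usual error return, before either string is built. The two `strdup("")` fallbacks are also passed to `%s` without a NULL check, as the existing `tailoring_option` already is. The function body starts and ends outside this hunk.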
@@ -1297,13 +1299,15 @@ static int _write_script_header_to_fd(struct xccdf_policy *policy, struct xccdf_ "###############################################################################\n\n", shebang_with_newline, remediation_type, profile_title, commented_profile_description, - profile_id, benchmark_id, benchmark_version_info, xccdf_version_name, - oscap_version, tailoring_option, profile_id, format, input_file_name, remediation_type, + profile_id_banner, benchmark_id, benchmark_version_info, xccdf_version_name, + oscap_version, tailoring_option, profile_option, format, input_file_name, remediation_type, remediation_type, how_to_apply ); + free(profile_id_banner); free(tailoring_option); free(commented_profile_description); + free(profile_option); } else { // Results-based remediation fix 
@@ -1557,16 +1561,24 @@ static int _generate_kickstart_oscap_post(struct kickstart_commands *cmds, const
 {
 _write_text_to_fd(output_fd, "# Perform OpenSCAP hardening (required for security compliance)\n");
 _write_text_to_fd(output_fd, "%post --erroronfail\n");
- const char *fmt;
+ const char *fmt = "oscap xccdf eval --remediate%s--results-arf /root/oscap_arf.xml --report /root/oscap_report.html%s/usr/share/xml/scap/ssg/content/%s\n";
+ const char *tailoring_part;
 if (tailoring != NULL) {
- fmt = "oscap xccdf eval --remediate --tailoring-file /root/oscap_tailoring.xml --results-arf /root/oscap_arf.xml --report /root/oscap_report.html --profile '%s' /usr/share/xml/scap/ssg/content/%s\n";
+ tailoring_part = " --tailoring-file /root/oscap_tailoring.xml ";
+ } else {
+ tailoring_part = " ";
+ }
+ char *profile_part;
+ if (profile_id != NULL) {
+ profile_part = oscap_sprintf(" --profile '%s' ", profile_id);
 } else {
- fmt = "oscap xccdf eval --remediate --results-arf /root/oscap_arf.xml --report /root/oscap_report.html --profile '%s' /usr/share/xml/scap/ssg/content/%s\n";
+ profile_part = strdup(" ");
 }
 char *dup = strdup(input_path);
 char *basename = oscap_basename(dup);
 free(dup);
- char *oscap_command = oscap_sprintf(fmt, profile_id, basename);
+ char *oscap_command = oscap_sprintf(fmt, tailoring_part, profile_part, basename);
+ free(profile_part);
 free(basename);
 _write_tailoring_to_fd(tailoring, output_fd);
 _write_text_to_fd_and_free(output_fd, oscap_command);
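Review bot: `profile_part` still wraps `profile_id` in single quotes with no escaping (`oscap_sprintf(" --profile '%s' ", profile_id)`), so an ID containing `'` would close the quoting inside a `%post` section that the installer runs as root. The old format strings had the same pattern, but this rewrite is the natural place to fix it: either reject such IDs up front, e.g. `if (profile_id != NULL && strpbrk(profile_id, "'\r\n") != NULL)` with an error return placed before the first `_write_text_to_fd` call so no partial `%post` block is written, or emit the value with `'` rewritten as `'\''`. The basename substituted for the last `%s` is interpolated unquoted and deserves the same treatment. `strdup(" ")` is also used without a NULL check before being handed to `%s`. The function continues past the end of this hunk.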