- Bug
- Resolution: Won't Do
- rhel-9.5
- rhel-security-compliance
- ssg_security
Problem
==============
1] Waivers have been requested by customers. The use-case is as follows. Customers want to be compliant with some security policy, so they scan their systems using OpenSCAP. However, some of their machines will be failing a few rules. Customers decide that these 2 rules are low priority or don't even make any sense for these few machines and want to mark them as such.
2] If a customer makes a custom tailored file to disable checks for this rule, the report does not include disabled checks, nor are they indicated with a "skipped" status. It would be beneficial to have disabled checks at least marked as "skipped" within the report.
Additionally, the option to include custom waiver text for checks would be a valuable enhancement.
Expected result
==============
Add waivers for rules in the HTML report.
The rule overview in the HTML report shows a small label next to waived rules.
Bugzilla/Jira references:
Support waivers in all the OpenSCAP related projects and integrations
https://issues.redhat.com/browse/OPENSCAP-240
RHEL7: https://bugzilla.redhat.com/show_bug.cgi?id=1216939
RHEL6: https://bugzilla.redhat.com/show_bug.cgi?id=1216937
Upstream OpenSCAP supports waivers using the XCCDF:override element
Oscap: https://github.com/OpenSCAP/openscap/blob/main/NEWS
- introduced API for waivers (xccdf:override) and modification of ARF
- initial support for waivers in HTML Report
References:
https://martin.preisler.me/2014/11/waivers-in-openscap-html-report/
https://martin.preisler.me/2014/07/openscap-html-report-redesign-part-2/
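
An added example, not part of the original ticket and not OpenSCAP code: a waiver recorded as an `override` element on a `rule-result`, following the XCCDF 1.2 structure (`old-result`, `new-result`, `remark`, plus `time` and `authority`), and a listing of waived rules so that the original failure stays auditable. The rule ids, authority and remark text are constructed, and `waive`, `waived_rules` and `demo` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = "http://checklists.nist.gov/xccdf/1.2"

# Constructed sample: a minimal TestResult fragment with two failing rules.
SAMPLE = f"""<TestResult xmlns="{NS}" id="xccdf_org.example_testresult_demo">
  <rule-result idref="xccdf_org.example_rule_a"><result>fail</result></rule-result>
  <rule-result idref="xccdf_org.example_rule_b"><result>fail</result></rule-result>
</TestResult>"""

def q(tag):
    return f"{{{NS}}}{tag}"

def waive(test_result, rule_id, new_result, authority, remark, when=None):
    """Record a waiver on one rule-result; return False if the rule is absent."""
    if not authority or not remark:
        raise ValueError("a waiver needs an authority and a remark")
    when = when or datetime.now(timezone.utc)
    for rr in test_result.iter(q("rule-result")):
        if rr.get("idref") != rule_id:
            continue
        result = rr.find(q("result"))
        override = ET.Element(q("override"), {
            "time": when.strftime("%Y-%m-%dT%H:%M:%S"), "authority": authority})
        ET.SubElement(override, q("old-result")).text = result.text
        ET.SubElement(override, q("new-result")).text = new_result
        ET.SubElement(override, q("remark")).text = remark
        result.text = new_result  # effective result; the original stays in old-result
        # Schema order inside rule-result: result first, then override elements.
        rr.insert(list(rr).index(result) + 1, override)
        return True
    return False

def waived_rules(test_result):
    """Return (rule id, old result, new result, remark) for every override."""
    return [(rr.get("idref"), ov.findtext(q("old-result")),
             ov.findtext(q("new-result")), ov.findtext(q("remark")))
            for rr in test_result.iter(q("rule-result"))
            for ov in rr.findall(q("override"))]

def demo():
    tr = ET.fromstring(SAMPLE)
    waive(tr, "xccdf_org.example_rule_a", "pass", "security-team",
          "Not applicable to this host")
    return tr

if __name__ == "__main__":
    print(waived_rules(demo()))
```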