autotailor - Man Page

The autotailor tool produces tailoring files that SCAP-compliant scanners can use to complement SCAP data streams. A tailoring file adds a new profile, which is supposed to extend a profile that is already present in the data stream.

Tailoring can add, remove or refine rules, and it also can redefine contents of XCCDF variables.

The tool requires data stream location and ID of the base profile as inputs. Note however, that the referenced data stream is not opened, and the validity of tailoring is not checked against it. The tool doesn't prevent you from extending non-existent profiles, selecting non-existent rules, and so on.

autotailor [OPTION...] DATASTREAM_FILE [BASE_PROFILE_ID]

--title TITLE

Title of the new profile.

--id-namespace ID_NAMESPACE

The reverse-DNS style string that is part of entities IDs in the corresponding data stream. If left out, the default value 'org.ssgproject.content' is used.

-v VAR=VALUE, --var-value VAR=VALUE

Specify modification of the XCCDF value in form <varname>=<value>. Name of the variable can be either its full name, or the suffix, in which case the 'xccdf_<id-namespace>_value' prefix will be prepended internally. Specify the argument multiple times if needed.

-v VAR=SELECTOR, --var-value VAR=SELECTOR

Specify refinement of the XCCDF value in form <varname>=<selector>. Name of the variable can be either its full name, or the suffix, in which case the 'xccdf_<id-namespace>_value' prefix will be prepended internally. Specify the argument multiple times if needed.

-r RULE=ROLE, --rule-role RULE=ROLE

Specify refinement of the XCCDF rule role in form <rule_id>=<role>. Name of the rule can be either its full name, or the suffix, in which case the 'xccdf_<id-namespace>_rule_' prefix will be prepended internally. The value of <role> can be one of full, unscored, unchecked. Specify the argument multiple times if needed.

-e RULE=SEVERITY, --rule-severity RULE=SEVERITY

Specify refinement of the XCCDF rule severity in form <rule_id>=<severity>. Name of the rule can be either its full name, or the suffix, in which case the 'xccdf_<id-namespace>_rule_' prefix will be prepended internally. The value of <severity> can be one of unknown, info, low, medium, high. Specify the argument multiple times if needed.

-s RULE_ID, --select RULE_ID

Specify the rule to select. The rule ID can be either full, or just the suffix, in which case the 'xccdf_<id-namespace>_rule' prefix will be prepended internally. Specify the argument multiple times if needed.

-u RULE_ID, --unselect RULE_ID

Specify the rule to unselect. The argument works the same way as the --select argument.

-p NEW_PROFILE_ID, --new-profile-id NEW_PROFILE_ID

Specify the ID of the tailored profile. The ID of the new profile can be either its full ID, or the suffix, in which case the 'xccdf_<id-namespace>_profile_' prefix will be prepended internally. If left out, the new ID will be obtained by appending '_customized' to the tailored profile ID.

--json-tailoring JSON_TAILORING_FILE

Import tailoring from a JSON file (https://github.com/ComplianceAsCode/schemas/tree/main/tailoring). This option makes BASE_PROFILE_ID positional argument optional. However, data passed in the command line options takes precedence over JSON contents, including the BASE_PROFILE_ID argument.

Please report bugs using https://github.com/OpenSCAP/openscap/issues

Matěj Týč <matyc@redhat.com>
Jan Černý <jcerny@redhat.com>
Evgenii Kolesnikov <ekolesni@redhat.com>