c2p-openscap-manifest - Man Page

This file defines the metadata and runtime configuration options for the openscap-plugin, a plugin to be used with complyctl.

It is a JSON-formatted file typically installed at:

/usr/share/complyctl/plugins/c2p-openscap-manifest.json

Some configuration options used by openscap-plugin can be overridden by using a drop-in file with the same name in “/etc/complyctl/config.d/”:

/etc/complyctl/config.d/c2p-openscap-manifest.json

The easiest way to create a drop-in file is copying /usr/share/complyctl/plugins/c2p-openscap-manifest.json and defining the default values. Any other content can be removed to keep the drop-in file clean. See Configuration Options and Examples sections for more details.

For some specific cases, it is also possible to inform a custom configuration directory to override /etc/complyctl/config.d. For example, the following command will try to locate and read custom settings from manifest files hosted in /tmp/plugins-conf instead of /etc/complyctl/config.d:

complyctl generate --plugin-config /tmp/plugins-conf

See complyctl(1) for more details about the available options.

The configuration is a single JSON object with the following top-level keys:

• metadata: General plugin information
• executablePath: Name or path of the plugin binary
• sha256: The checksum of the binary (used for integrity checks)
• configuration: An array of runtime configuration options

This is an example of a manifest including all information.

{
  "metadata": {
    "id": "openscap",
    "description": "My openscap plugin",
    "version": "0.0.1",
    "types": [
      "pvp"
    ]
  },
  "executablePath": "openscap-plugin",
  "sha256": "17e8d0b82c9bfbe7c195505090954488175005898fc0e8da0812c112c582426c",
  "configuration": [
    {
      "name": "workspace",
      "description": "Directory for writing plugin artifacts",
      "required": true
    },
    {
      "name": "profile",
      "description": "The OpenSCAP profile to run for assessment",
      "required": true
    },
    {
      "name": "datastream",
      "description": "The OpenSCAP datastream to use. If not set, the plugin will try to determine it based on system information",
      "required": false
    },
    {
      "name": "policy",
      "description": "The name of the generated tailoring file",
      "default": "tailoring_policy.xml",
      "required": false
    },
    {
      "name": "arf",
      "description": "The name of the generated ARF file",
      "default": "arf.xml",
      "required": false
    },
    {
      "name": "results",
      "description": "The name of the generated results file",
      "default": "results.xml",
      "required": false
    }
  ]
}

This is an example of a drop-in file modifying the openscap files.

{
  "configuration": [
    {
      "name": "policy",
      "default": "custom_tailoring_policy.xml",
    },
    {
      "name": "arf",
      "default": "custom_arf.xml",
    },
    {
      "name": "results",
      "default": "custom_results.xml",
    }
  ]
}

complyctl(1), complyctl-openscap-plugin(7)

See the Upstream project at https://github.com/complytime/complyctl for more detailed documentation.

Marcus Burghardt maburgha@redhat.com\c.