Skip to content

Scripts

Jump to bottom
Allen Golbig edited this page Jul 29, 2021 · 6 revisions

generate_guidance.py script

The generate_guidance script is used to generate the following:

  • AsciiDoc document

  • HTML guide from asciidoc

  • PDF guide from asciidoc

  • Configuration Profiles

  • Compliance Script

  • Excel Document

When running generate guidance, the first argument given must be the baseline desired to create the asciidoc, PDF, and HTML files.

python3 ./scripts/generate_guidance.py -h
usage: generate_guidance.py [-h] [-l LOGO] [-p] [-r REFERENCE] [-s] [-x] [-H HASH] baseline

Given a baseline, create guidance documents and files.

positional arguments:
  baseline              Baseline YAML file used to create the guide.

optional arguments:
  -h, --help            show this help message and exit
  -l LOGO, --logo LOGO  Full path to logo file to be included in the guide.
  -p, --profiles        Generate configuration profiles for the rules.
  -r REFERENCE, --reference REFERENCE
                        Use the reference ID instead of rule ID for identification.
  -s, --script          Generate the compliance script for the rules.
  -x, --xls             Generate the excel (xls) document for the rules.
  -H HASH, --hash HASH  sign the configuration profiles with subject key ID (hash value without spaces)

Example:

python3 scripts/generate_guidance.py baselines/800-53r5_moderate.yaml
Profile YAML: baselines/800-53r5_moderate.yaml
Output path: /Users/mscp/src/macos_security/build/800-53r5_moderate/800-53r5_moderate.adoc
Generating HTML file from AsciiDoc...
Generating PDF file from AsciiDoc...

generate_baseline.py

The generate baseline script creates a baseline.yaml which can be used for content generation. The output file can be found under build/baselines

python3 scripts/generate_baseline.py -h
usage: generate_baseline.py [-h] [-c] [-k KEYWORD] [-l]

Given a keyword tag, generate a generic baseline.yaml file containing rules
with the tag.

optional arguments:
  -h, --help            show this help message and exit
  -c, --controls        Output the 800-53 controls covered by the rules.
  -k KEYWORD, --keyword KEYWORD
                        Keyword tag to collect rules containing the tag.
  -l, --list_tags       List the available keyword tags to search for.
📎
 If the script is called without any flags it will provide a list of all possible keywords.

Example:

python3 scripts/generate_baseline.py -k all_rules

yaml-to-oval.py

The YAML to OVAL script creates the OVAL checks required for SCAP generation.

python3 scripts/yaml-to-oval.py -h
usage: yaml-to-oval.py [-h] baseline

Given a profile, create oval checks.

positional arguments:
  baseline    Baseline YAML file used to create the oval.

optional arguments:
  -h, --help  show this help message and exit

Example:

python3 scripts/yaml-to-oval.py baselines/800-53_moderate.yaml
Profile YAML: baselines/800-53_moderate.yaml
Output path: /Users/mscp/src/macos_security/build/800-53_moderate/800-53_moderate.xml

Introduction

Clone this wiki locally