Ubuntu Manpage: autotailor - CLI tool for tailoring of SCAP data streams.

Provided by: openscap-utils_1.4.2+dfsg-1ubuntu1_all

NAME

       autotailor - CLI tool for tailoring of SCAP data streams.

DESCRIPTION

       The autotailor tool produces tailoring files that SCAP-compliant scanners can use to complement SCAP data
       streams.   A  tailoring  file  adds  a new profile, which is supposed to extend a profile that is already
       present in the data stream.

       Tailoring can add, remove or refine rules, and it also can redefine contents of XCCDF variables.

       The tool requires data stream location and ID of the base profile as  inputs.   Note  however,  that  the
       referenced  data stream is not opened, and the validity of tailoring is not checked against it.  The tool
       doesn't prevent you from extending non-existent profiles, selecting non-existent rules, and so on.

SYNOPSIS

       autotailor [OPTION...] DATASTREAM_FILE [BASE_PROFILE_ID]

OPTIONS

--title TITLE
Title of the new profile.

--id-namespace ID_NAMESPACE
The reverse-DNS style string that is part of entities IDs in the corresponding data stream. If
left out, the default value 'org.ssgproject.content' is used.

-v VAR=VALUE, --var-value VAR=VALUE
Specify modification of the XCCDF value in form <varname>=<value>. Name of the variable can be
either its full name, or the suffix, in which case the 'xccdf_<id-namespace>_value' prefix will be
prepended internally. Specify the argument multiple times if needed.

-v VAR=SELECTOR, --var-value VAR=SELECTOR
Specify refinement of the XCCDF value in form <varname>=<selector>. Name of the variable can be
either its full name, or the suffix, in which case the 'xccdf_<id-namespace>_value' prefix will be
prepended internally. Specify the argument multiple times if needed.

-r RULE=ROLE, --rule-role RULE=ROLE
Specify refinement of the XCCDF rule role in form <rule_id>=<role>. Name of the rule can be either
its full name, or the suffix, in which case the 'xccdf_<id-namespace>_rule_' prefix will be
prepended internally. The value of <role> can be one of full, unscored, unchecked. Specify the
argument multiple times if needed.

-e RULE=SEVERITY, --rule-severity RULE=SEVERITY
Specify refinement of the XCCDF rule severity in form <rule_id>=<severity>. Name of the rule can
be either its full name, or the suffix, in which case the 'xccdf_<id-namespace>_rule_' prefix will
be prepended internally. The value of <severity> can be one of unknown, info, low, medium, high.
Specify the argument multiple times if needed.

-s RULE_ID, --select RULE_ID
Specify the rule to select. The rule ID can be either full, or just the suffix, in which case the
'xccdf_<id-namespace>_rule' prefix will be prepended internally. Specify the argument multiple
times if needed.

-u RULE_ID, --unselect RULE_ID
Specify the rule to unselect. The argument works the same way as the --select argument.

-p TAILORED_PROFILE_ID, --tailored-profile-id TAILORED_PROFILE_ID
Specify the ID of the tailored profile. The ID of the new profile can be either its full ID, or
the suffix, in which case the 'xccdf_<id-namespace>_profile_' prefix will be prepended internally.
If left out, the new ID will be obtained by appending '_customized' to the tailored profile ID.

--new-profile-id NEW_PROFILE_ID
Synonym of --tailored-profile-id.

--json-tailoring JSON_TAILORING_FILE
Import tailoring from a JSON file
(https://github.com/ComplianceAsCode/schemas/tree/main/tailoring). This option makes
BASE_PROFILE_ID positional argument optional. However, data passed in the command line options
takes precedence over JSON contents, including the BASE_PROFILE_ID argument. JSON tailoring can
be accompanied with additional command-line options to either override contents of an existing
profile (along with --tailored-profile-id identifier) or to create an extra profile
(BASE_PROFILE_ID is a mandatory argument in this case and --tailored-profile-id is optional) in
the resulting XCCDF tailoring file.

USAGE

   Modify a variable value
       $    autotailor    --var-value    xccdf_org.ssgproject.content_value_var_screensaver_lock_delay=120    -o
       tailoring.xml ssg-rhel8-ds.xml xccdf_org.ssgproject.content_profile_pci_dss

       The utility allows you to specify the ID namespace using the --namespace-id option, so you don't have  to
       repeat  the  xccdf_org.ssgproject.content_...  prefix  everywhere.   The default namespace ID is actually
       org.ssgproject.content, so the following invocations are equivalent to the first one:

       $  autotailor  --var-value  var_screensaver_lock_delay=120   --namespace-id   org.ssgproject.content   -o
       tailoring.xml ssg-rhel8-ds.xml pci_dss

       $ autotailor --var-value var_screensaver_lock_delay=120 -o tailoring.xml ssg-rhel8-ds.xml pci_dss

       The          tailoring          tailoring_file          defines          a          new          profile,
       xccdf_org.ssgproject.content_profile_pci_dss_customized, which alters the screensaver lock delay.

   Perform more modifications
       $  autotailor  --var-value  var_screensaver_lock_delay=120  --select   gconf_gnome_screensaver_idle_delay
       --var-value inactivity_timeout_value=600 ssg-rhel8-ds.xml pci_dss

   Import JSON tailoring
       $ autotailor ssg-rhel8-ds.xml --json-tailoring tailoring.json

REPORTING BUGS

       Please report bugs using https://github.com/OpenSCAP/openscap/issues

AUTHORS

       Matěj Týč <matyc@redhat.com>
       Jan Černý <jcerny@redhat.com>
       Evgenii Kolesnikov <ekolesni@redhat.com>

Red Hat, Inc.                                     January 2024                                     autotailor(8)