OpenSCAP content for SLE Micro 6 #685
lvicoun
left a comment
Hi Souvik,
please see my suggestions. Thanks!
3a228fc to
0450454
lvicoun
left a comment
Hi Souvik,
LGTM. Thanks!
dariavladykina
left a comment
Hi, please see some suggestions here. Thanks!
| <listitem> | ||
| <para> | ||
| &openscap; is an open source toolset that implements the Security Content | ||
| Automation Protocol (SCAP) framework. Combined with the &ssg;, it enables automated |
| Automation Protocol (SCAP) framework. Combined with the &ssg;, it enables automated | |
| Automation Protocol (SCAP) framework. Combined with the &ssg; (SSG), it enables automated |
| Automated scanning and remediation reduces manual effort and ensures consistent | ||
| policy enforcement across systems. &productname; ships with the <literal>general</literal> | ||
| security profile, which provides a practical baseline for hardening immutable | ||
| systems. |
| Automated scanning and remediation reduces manual effort and ensures consistent | |
| policy enforcement across systems. &productname; ships with the <literal>general</literal> | |
| security profile, which provides a practical baseline for hardening immutable | |
| systems. | |
| Automated scanning and remediation reduce manual effort and ensure consistent | |
| policy enforcement across systems. &productname; ships with the <literal>general</literal> | |
| security profile, which provides a practical baseline for hardening immutable | |
| systems. |
| <!-- Introductory glue: sets context and outlines the workflow --> | ||
| <module resourceref="_openscap-intro" renderas="section"> | ||
| <merge> | ||
| <title>Overview</title> |
| <title>Overview</title> | |
| <title>Auditing and hardening &productname; with &openscap;<</title> |
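Review bot: The suggested title ends in `&openscap;<</title>`, and the extra `<` before the closing tag makes the element malformed XML, so the suggestion cannot be committed as written. Drop the stray character so the line reads `<title>Auditing and hardening &productname; with &openscap;</title>`.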
| SCAP consists of the following components, which interact with each other to describe, | ||
| evaluate, and report on the security state of a system. |
| SCAP consists of the following components, which interact with each other to describe, | |
| evaluate, and report on the security state of a system. | |
| SCAP consists of the following components, which interact to describe, | |
| evaluate and report on the security state of a system. |
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:trans="http://docbook.org/ns/transclusion"> | ||
| <info> | ||
| <title>Overview</title> |
*This is a duplicate of the comment to the SLE 16 article.
I would remove the first 2 paragraphs here - they are explained in section 2 - and just leave "The following sections describe...", and add a para in front of it saying sth like: This article explains how to use &oscap; and SSG to audit and harden &suselinunx; systems against recognized security baselines.
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:trans="http://docbook.org/ns/transclusion"> | ||
| <info> | ||
| <title>Remediating Vulnerabilities</title> |
| <title>Remediating Vulnerabilities</title> | |
| <title>Remediating vulnerabilities</title> |
| xmlns:xlink="http://www.w3.org/1999/xlink" | ||
| xmlns:trans="http://docbook.org/ns/transclusion"> | ||
| <info> | ||
| <title>Scanning the System for Vulnerabilities</title> |
| <title>Scanning the System for Vulnerabilities</title> | |
| <title>Scanning the system for vulnerabilities</title> |
| Because &productname; is an immutable system, remediation must be run more than once with reboots | ||
| between passes. The first pass uses &tr-up; to apply changes to a new snapshot. After | ||
| rebooting into the new snapshot, a second pass applies any remaining fixes. Rules are | ||
| executed in alphabetical order and some have dependencies on others. |
| executed in alphabetical order and some have dependencies on others. | |
| executed in alphabetical order, and some have dependencies on others. |
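Review bot: In the first sentence, "must be run more than once" leaves the number of passes open, while the sentences that follow describe exactly two: one through &tr-up; into a new snapshot and one after the reboot. State whether two passes are always enough or how the reader can tell that another is needed, and connect the closing sentence about alphabetical order and rule dependencies to that point, since it currently reads as a separate remark rather than the reason for repeating the run.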
| <section xml:id="openscap-system-scanning-remote-resources"> | ||
| <title>Using remote resources during a scan</title> | ||
| <para> | ||
| Some &ssg; content references external OVAL files, for example to check whether the system is |
| Some &ssg; content references external OVAL files, for example to check whether the system is | |
| Some &ssg; content references external OVAL files, for example, to check whether the system is |
| <para> | ||
| In the resulting results files, a rule result of <literal>fixed</literal> indicates a | ||
| successful fix. A result of <literal>error</literal> indicates that the fix was not | ||
| successful and the rule still does not pass evaluation. |
| successful and the rule still does not pass evaluation. | |
| successful, and the rule still does not pass evaluation. |
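Review bot: "In the resulting results files" in the first sentence repeats itself; "In the results files" says the same thing. The visible text also explains what `error` means but not what the reader should do with rules that still report `error` after remediation, so consider adding a sentence on the next step.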
PR creator: Description
OpenSCAP content for SLE Micro 6
PR creator: Are there any relevant issues/feature requests?
PR reviewer: Checklist for editorial review
Apart from the usual checks, please double-check also the following: