October 22, 2024

How to create STIG vulnerabilities files?


I am trying to create a new repo for Tomcat 9 STIG for work. I found a public repo that is the same and am trying to mirror it: https://github.com/mitre/apache-tomcat-9.x-stig-baseline/tree/main

The part I am having trouble with is that I am not sure how to convert the STIG I downloaded from the DoD website (https://public.cyber.mil/stigs/downloads/) into the individual vulnerabilities files. I tried creating a script to create the individual files but am not having much luck.

The question here is, how do I create a STIG repo from scratch? Or is there possibly a GitHub repo that shows how to convert the files? I have been searching for a little while but could not find anything.

UPDATED

I was able to finally get the control files generated using:

inspect_delta update profile -p <path to repo> -s <path to stig.xml>

The challenging part was that the XML file had characters the command did not like, and I had to manually edit the file.

My next question is, do all the files under the control dir need to be manually edited for each check?
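
An added example (not part of the original post, and not the code of the tool it names) of the conversion asked about: it reads the Group/Rule entries of a STIG XCCDF file and emits one InSpec control stub per entry, which also shows that the XML supplies only metadata and prose, so the `describe` logic is still written by hand. It assumes the XCCDF 1.1 namespace, one Rule per Group, and file names taken from the Group id; the sample benchmark and its IDs are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}  # assumed: XCCDF 1.1 namespace
IMPACT = {"high": 0.7, "medium": 0.5, "low": 0.3}   # severity (CAT I/II/III) -> InSpec impact

# Constructed sample in the XCCDF layout; IDs and text are placeholders, not real STIG content.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1">
  <Group id="V-000001">
    <Rule id="SV-000001r1_rule" severity="medium">
      <version>EXAMPLE-AS-000001</version>
      <title>The server's "example" setting must be enabled.</title>
      <description>&lt;VulnDiscussion&gt;Constructed discussion text.&lt;/VulnDiscussion&gt;</description>
      <fixtext>Edit the example file and enable the setting.</fixtext>
      <check><check-content>Review the example file for the setting.</check-content></check>
    </Rule>
  </Group>
</Benchmark>"""

def rb(s):
    """Quote text as a Ruby double-quoted literal (escapes \\, " and # so nothing interpolates)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"').replace("#", "\\#") + '"'

def controls(xccdf_text):
    """Return {filename: InSpec control stub} for every Group/Rule in the benchmark."""
    out = {}
    for group in ET.fromstring(xccdf_text).findall("x:Group", NS):
        rule, vid = group.find("x:Rule", NS), group.get("id")
        text = lambda path: (rule.findtext(path, "", NS) or "").strip()
        # The description element holds escaped markup; keep only the discussion part.
        m = re.search(r"<VulnDiscussion>(.*?)</VulnDiscussion>", text("x:description"), re.S)
        desc = m.group(1).strip() if m else text("x:description")
        out[f"{vid}.rb"] = "\n".join([
            f"control {rb(vid)} do",
            f"  title {rb(text('x:title'))}",
            f"  desc {rb(desc)}",
            f"  desc 'check', {rb(text('x:check/x:check-content'))}",
            f"  desc 'fix', {rb(text('x:fixtext'))}",
            f"  impact {IMPACT.get(rule.get('severity'), 0.5)}",
            f"  tag gid: {rb(vid)}",
            f"  tag rid: {rb(rule.get('id'))}",
            f"  tag stig_id: {rb(text('x:version'))}",
            "  # The XCCDF carries only prose; the describe block is written by hand per check.",
            "  describe 'manual review' do",
            "    skip 'Test logic not yet implemented'",
            "  end",
            "end",
            "",
        ])
    return out
```
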


