I am trying to get a "diff" of the commands that are executed as part of applying different releases of the oscap-anaconda-addon, specifically the STIGs applied in RHEL 7.9 and in AlmaLinux 9.1.
Context: We have a security appliance that was originally based on Red Hat 7.9 and are migrating it to AlmaLinux 9.1. There has been a lot of "empirical discovery" so far as we run into configuration differences between the two platforms.
Most of these we can resolve fairly readily, but the OSCAP differences are opaque, given that they are ultimately based on differences in the underlying openscap packages, which are complex.
Ideally, I'd like to know what remediation commands are run by the add-on for each release. I'd be happy with some direction that would allow me to write a program that parses different versions of openscap using an appropriate "key" and returns the list of mitigation commands, which I could then compare.
Apologies if this is the wrong forum; I've been trying to determine the best place to pose this question, but haven't had much luck (the oscap anaconda add-on mailing list, e.g., has very little traffic and the last few Qs remain unanswered).
Any and all guidance will be warmly received! Thank you!