On 08/21/2012 10:29 AM, Jeffrey Blank wrote: > On 08/20/2012 04:42 PM, Gary Gapinski wrote: >> I did a quick check of the generated content against the SCAP Content >> Validation Tool <http://scap.nist.gov/revision/1.1/index.html#validation>. > Fantastic -- thanks for the testing! > > >> I first created CPE definition and OVAL documents (available when >> needed; I can check into the project after I grok proper commit >> conduct). These are unfortunately required for conformance with SP 800-126. > I thought my patch from last week took care of generating those? > (in the script transforms/cpe_generate.py, and new directory > input/checks/platform) > > The output files should be in: > http://people.redhat.com/swells/scap-security-guide/RHEL6/output/ > > (There's a weird bug where one of the OVAL definitions (qpid) got > flagged as inventory but it should be fixed now (if you pull a clean > clone).)
I see them at that URI but they do not appear to be generated in RHEL6/output by "make tables". > > >> I then noticed that the OVAL ids are not in OVAL format, so further >> validation attempts will have to await assignment of OVAL-conformant >> identifiers. > Could you elaborate? I certainly played some games with identifiers > during development, but I thought we got final output right. > > The file rhel6-oval.xml isn't in proper OVAL format, but > rhel6-oval-scap-security-guide.xml has the IDs properly assigned. This > was done on purpose, so that any org could easily assign an ID, and > developers would never have to see pointless numeric designators and > duplicative org designators. (But maybe we've got something else > wrong.) And admittedly, this isn't apparent at a glance. > > But it's what the Makerule for "content:" does here: > http://people.redhat.com/swells/scap-security-guide/RHEL6/Makefile "make content" creates them - I had neglected to use that. I had also unfortunately used rhel6-oval.xml - I'll re-run with the other documents. _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
