Through some abuse of the <check-export> facility in XCCDF, we can now
attach a clause to a body of manual checking instructions that can
be used as part of a boilerplate remark.
Also contained here are fixes to make the content validate.
Jeffrey Blank (5):
removal of duplicate OCIL checking text
temporary commenting of x windows listening Rule, until new version
is complete
adding transforms and Values support to enable automatic generation
of boilerplate text * if a "shorthand" OCIL / manual check
text is decorated with a clause attribute, then it can now
be used to generate a boilerplate remark which incorporates that
clause * for example, if your check needs to conclude with,
"If [clause], then this is a finding..." we can now generate
the boilerplate portions if the clause is provided. The clause can
also be used to construct a question in the true OCIL style
for the valid OCIL output.
added example clause for manual check text, to enable boilerplate
remark generation
removed duplicate OCIL check
RHEL6/input/guide.xslt | 6 ++++
RHEL6/input/profiles/common.xml | 2 +-
RHEL6/input/services/base.xml | 1 -
RHEL6/input/services/dhcp.xml | 2 +-
.../accounts/restrictions/password_storage.xml | 8 ------
RHEL6/input/system/network/ipsec.xml | 1 -
RHEL6/input/system/network/wireless.xml | 1 -
RHEL6/input/system/software/disk_partitioning.xml | 4 ++-
RHEL6/transforms/shorthand2xccdf.xslt | 26 +++++++++----------
RHEL6/transforms/xccdf2table-profileccirefs.xslt | 4 +++
10 files changed, 27 insertions(+), 28 deletions(-)
_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
