Oops, scratch that. I've just realized that these groups doesn't have
any rule yet.
Thus, more correct xpath check would be:
xpath ssg-rhel6-xccdf.xml '//Profile/select[(@selected != "false" or
@selected != "0") and @idref = //Group[/Rule]/@id]/@idref'
which is passing right now.
On 11/22/2012 07:27 PM, Simon Lukasik wrote:
> On 11/21/2012 05:48 PM, Jeffrey Blank wrote:
>> thanks -- please push!
>>
>
> Pushed. But I've just noticed there are two more bugs like this. The
> command:
>
> $ xpath ssg-rhel6-xccdf.xml \
> '//Profile/select[@idref = //Group/@id]/@idref'
>
> founds:
>
> idref="ftp_limit_users"-- NODE --
> idref="ftp_configure_firewall"
>
> We should really not be selecting the Groups but the Rules.
>
> However, I cannot fix this. As not being the content author, I am sure
> whether we want to have all the Rules of the given group
> (ftp_limit_users) to be selected. Could someone please check?
>
> Also, would it make sense to include such xpath check in the build process?
>
> Thanks,
>
> --
> Simon Lukasik
> _______________________________________________
> scap-security-guide mailing list
> [email protected]
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
