On 11/16/12 10:20 PM, Michele Newman wrote:
---
RHEL6/input/profiles/STIG-server.xml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/RHEL6/input/profiles/STIG-server.xml
b/RHEL6/input/profiles/STIG-server.xml
index b9709bd..280d092 100644
--- a/RHEL6/input/profiles/STIG-server.xml
+++ b/RHEL6/input/profiles/STIG-server.xml
@@ -2,6 +2,11 @@
<title>Pre-release Draft STIG for RHEL 6 Server</title>
<description>This profile is being developed under the DoD consensus model to
become a STIG in coordination with DISA FSO.</description>
+<select idref="requirement_unclear" selected="true"/>
+<select idref="new_rule_needed" selected="true"/>
+<select idref="met_inherently" selected="true"/>
+<select idref="unmet_impractical_product" selected="true"/>
+<select idref="unmet_impractical_guidance" selected="true"/>
<select idref="rpm_verify_permissions" selected="true"/>
<select idref="rpm_verify_hashes" selected="true"/>
<select idref="world_writeable_files" selected="true"/>
Undoing this, as these rules are not actual XCCDF and break things:
oscap xccdf eval --profile stig-server --cpe
RHEL6/output/ssg-rhel6-cpe-dictionary.xml RHEL6/output/ssg-rhel6-xccdf.xml
...
OpenSCAP Error: Selector ID(unmet_impractical_guidance) does not exist
in Benchmark. [xccdf_policy.c:2207]
Please make sure to compile and run a scan to ensure patches don't bork
things up ;)
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
