>From b9549e0ddd658ee80e9d71228a2916590867ef31 Mon Sep 17 00:00:00 2001
From: Shawn Wells <[email protected]>
Date: Mon, 3 Dec 2012 19:55:27 -0500
Subject: [PATCH] Renamed STIG-server to "stig-rhel6-server"
It was really bugging me how the profile was named "stig-server" yet the code
was named "STIG-server." So I put everything in lowercase.
This patch also changes the format to ${policy}-${software},
so in this case "stig-rhel6-server".
This will become increasingly important as new content comes online over the
next months, e.g.
stig-rhel6-server
stig-rhs-server
stig-openshift
I debated about ${software}-${policy}, flip flopped back and forth, and then
played
rock-paper-scissors-lizard-spock to sort it out. Arguments for
${software}-${policy}
are more than welcome. I don't have a strong opinion on the matter.
---
RHEL6/Makefile | 22 +++---
RHEL6/input/profiles/STIG-server.xml | 94 ----------------------------
RHEL6/input/profiles/stig-rhel6-server.xml | 94 ++++++++++++++++++++++++++++
RHEL6/transforms/xccdf-addprofiles.xslt | 2 +-
4 files changed, 106 insertions(+), 106 deletions(-)
delete mode 100644 RHEL6/input/profiles/STIG-server.xml
create mode 100644 RHEL6/input/profiles/stig-rhel6-server.xml
diff --git a/RHEL6/Makefile b/RHEL6/Makefile
index 7221fe8..1e59adf 100644
--- a/RHEL6/Makefile
+++ b/RHEL6/Makefile
@@ -17,7 +17,7 @@ shorthand2xccdf: shorthand-guide
xsltproc -o $(OUT)/unlinked-noprofiles-rhel6-xccdf.xml
$(TRANS)/shorthand2xccdf.xslt $(OUT)/rhel6-shorthand.xml
xsltproc -stringparam profile "allprofiles" -o
$(OUT)/unlinked-rhel6-xccdf-prerefs.xml \
$(TRANS)/xccdf-addprofiles.xslt
$(OUT)/unlinked-noprofiles-rhel6-xccdf.xml
- xsltproc -stringparam profile "stig-server" -o
$(OUT)/unlinked-rhel6-xccdf.xml \
+ xsltproc -stringparam profile "stig-rhel6-server" -o
$(OUT)/unlinked-rhel6-xccdf.xml \
$(TRANS)/xccdf-addrefs.xslt
$(OUT)/unlinked-rhel6-xccdf-prerefs.xml
# extract manual check instructions from xccdf into an ocil file
xsltproc -o $(OUT)/unlinked-rhel6-ocil.xml
$(TRANS)/xccdf-create-ocil.xslt $(OUT)/unlinked-rhel6-xccdf.xml
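Review bot: The profile id is now spelled out as a string literal in every recipe that needs it: here in the `xccdf-addrefs.xslt` call, and again in the hunks at lines 78, 113 and 123. The next rename has to touch each occurrence by hand, and a missed one would leave targets disagreeing about which profile they build. Define it once near the top of the Makefile, e.g. `STIG_PROFILE := stig-rhel6-server`, then use `-stringparam profile "$(STIG_PROFILE)"` and `$(OUT)/table-$(STIG_PROFILE).html` in the recipes. The shorthand2xccdf recipe and the variable section both begin outside this hunk.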
@@ -78,25 +78,25 @@ table-stigs: shorthand2xccdf
$(TRANS)/xccdf2table-stig.xslt \
$(REFS)/disa-stig-rhel5-v1r0.6-xccdf-manual.xml
# temporarily retain an output file showing the short titles as well
- xsltproc -stringparam profile "stig-server" -stringparam testinfo "y"
-o $(OUT)/table-rhel6-stig-server-shorttitles.html \
+ xsltproc -stringparam profile "stig-rhel6-server" -stringparam testinfo
"y" -o $(OUT)/table-stig-rhel6-server-shorttitles.html \
$(TRANS)/xccdf2table-profileccirefs.xslt \
$(OUT)/unlinked-rhel6-xccdf.xml
xsltproc -stringparam alttitles
"../$(IN)/auxiliary/alt-titles-stig.xml" -o
$(OUT)/unlinked-stig-rhel6-xccdf.xml \
$(TRANS)/xccdf-alt-titles.xslt \
$(OUT)/unlinked-rhel6-xccdf.xml
- xsltproc -stringparam profile "stig-server" -o
$(OUT)/table-rhel6-stig-server.html \
+ xsltproc -stringparam profile "stig-rhel6-server" -o
$(OUT)/table-stig-rhel6-server.html \
$(TRANS)/xccdf2table-profileccirefs.xslt \
$(OUT)/unlinked-stig-rhel6-xccdf.xml
- xsltproc --html -o $(OUT)/table-rhel6-stig-server.html
$(TRANS)/table-add-vulnids.xslt $(OUT)/table-rhel6-stig-server.html
- xsltproc -stringparam profile "stig-server" -stringparam format "flat"
-o $(OUT)/table-rhel6-stig-server-flat.html \
+ xsltproc --html -o $(OUT)/table-stig-rhel6-server.html
$(TRANS)/table-add-vulnids.xslt $(OUT)/table-stig-rhel6-server.html
+ xsltproc -stringparam profile "stig-rhel6-server" -stringparam format
"flat" -o $(OUT)/table-stig-rhel6-server-flat.html \
$(TRANS)/xccdf2table-profileccirefs.xslt \
$(OUT)/unlinked-stig-rhel6-xccdf.xml
- xsltproc --html -o $(OUT)/table-rhel6-stig-server-flat.html
$(TRANS)/table-add-vulnids.xslt $(OUT)/table-rhel6-stig-server-flat.html
+ xsltproc --html -o $(OUT)/table-stig-rhel6-server-flat.html
$(TRANS)/table-add-vulnids.xslt $(OUT)/table-stig-rhel6-server-flat.html
tables: table-refs table-idents table-profilenistrefs table-srgmap table-stigs
alt-titles: shorthand2xccdf
- $(UTILS)/sync-alt-titles.py -p stig-server -f
$(IN)/auxiliary/alt-titles-stig.xml $(OUT)/unlinked-rhel6-xccdf.xml
+ $(UTILS)/sync-alt-titles.py -p stig-rhel6-server -f
$(IN)/auxiliary/alt-titles-stig.xml $(OUT)/unlinked-rhel6-xccdf.xml
XMLLINT_INDENT="" xmllint --format --output
$(IN)/auxiliary/alt-titles-stig.xml $(IN)/auxiliary/alt-titles-stig.xml
content: shorthand2xccdf guide checks
@@ -113,9 +113,9 @@ content-stig: shorthand2xccdf guide checks
$(TRANS)/xccdf-alt-titles.xslt \
$(OUT)/unlinked-rhel6-xccdf.xml
oscap xccdf resolve -o $(OUT)/unlinked-resolved-rhel6-xccdf.xml
$(OUT)/unlinked-rhel6-xccdf.xml
- xsltproc -stringparam profile "stig-server" -o
$(OUT)/unlinked-stig-rhel6-xccdf.xml \
+ xsltproc -stringparam profile "stig-rhel6-server" -o
$(OUT)/unlinked-stig-rhel6-xccdf.xml \
$(TRANS)/xccdf2stigformat.xslt
$(OUT)/unlinked-resolved-rhel6-xccdf.xml
- xsltproc -o $(OUT)/table-rhel6-stig-server-stigformat.html \
+ xsltproc -o $(OUT)/table-stig-rhel6-server-stigformat.html \
$(TRANS)/xccdf2table-stig.xslt
$(OUT)/unlinked-stig-rhel6-xccdf.xml
xmllint --format --output $(OUT)/unlinked-stig-rhel6-xccdf.xml
$(OUT)/unlinked-stig-rhel6-xccdf.xml
$(TRANS)/cpe_generate.py $(OUT)/unlinked-rhel6-oval.xml
$(IN)/checks/platform/rhel6-cpe-dictionary.xml disa-predraft
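Review bot: Nothing in the visible content-stig recipe fails the build when the id passed to `xccdf2stigformat.xslt` does not match a Profile in the resolved benchmark, and after a rename that is the likeliest mistake. The stylesheet is not shown, so it is an assumption that a non-matching id produces an output with no selected rules rather than an error. If that holds, the submission file would be generated and look valid while carrying an incomplete baseline. A guard line ahead of the transform makes the mismatch fatal: `grep -q 'id="stig-rhel6-server"' $(OUT)/unlinked-resolved-rhel6-xccdf.xml`. The recipe starts before and continues after this hunk.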
@@ -123,8 +123,8 @@ content-stig: shorthand2xccdf guide checks
xmllint --format --output $(OUT)/disa-predraft-stig-rhel6-xccdf.xml
$(OUT)/disa-predraft-stig-rhel6-xccdf.xml
submission-stig-check: table-stigs
- cd output; ../$(UTILS)/verify-references.py -p stig-server
--rules-with-disarefs-outside-profile unlinked-rhel6-xccdf-prerefs.xml
-# $(TRANS)/xccdf2csv-stig.py $(OUT)/unlinked-stig-rhel6-xccdf.xml >
$(OUT)/table-rhel6-stig.csv
+ cd output; ../$(UTILS)/verify-references.py -p stig-rhel6-server
--rules-with-disarefs-outside-profile unlinked-rhel6-xccdf-prerefs.xml
+# $(TRANS)/xccdf2csv-stig.py $(OUT)/unlinked-stig-rhel6-xccdf.xml >
$(OUT)/table-stig.csv
# content-usgcb: coming soon
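Review bot: The rewritten submission-stig-check line still chains with `;` in `cd output; ../$(UTILS)/verify-references.py ...`, so a failed `cd` does not stop the recipe line. The script path and its input file are then resolved against whatever directory make was started in. Use `cd output && ../$(UTILS)/verify-references.py -p stig-rhel6-server --rules-with-disarefs-outside-profile unlinked-rhel6-xccdf-prerefs.xml` so the reference check cannot run against the wrong tree. The commented-out line also renames the CSV to `$(OUT)/table-stig.csv`, dropping the product name that every other output in this patch keeps; `$(OUT)/table-stig-rhel6-server.csv` would follow the scheme.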
diff --git a/RHEL6/input/profiles/STIG-server.xml
b/RHEL6/input/profiles/STIG-server.xml
deleted file mode 100644
index 15eedcf..0000000
--- a/RHEL6/input/profiles/STIG-server.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<Profile id="stig-server" extends="common"
xmlns="http://checklists.nist.gov/xccdf/1.1" >
-<title>Pre-release Draft STIG for RHEL 6 Server</title>
-<description>This profile is being developed under the DoD consensus model to
become a STIG in coordination with DISA FSO.</description>
-
-<!-- DISA wants these to show up in the stig-table HTML
- file. Need to XSLT them there
-<select idref="requirement_unclear" selected="true"/>
-<select idref="new_rule_needed" selected="true"/>
-<select idref="met_inherently" selected="true"/>
-<select idref="unmet_impractical_product" selected="true"/>
-<select idref="unmet_impractical_guidance" selected="true"/> -->
-
-<select idref="rpm_verify_permissions" selected="true"/>
-<select idref="rpm_verify_hashes" selected="true"/>
-<select idref="world_writeable_files" selected="true"/>
-
-<select idref="install_antivirus" selected="true"/>
-<select idref="install_hids" selected="true"/>
-
-<select idref="disable_ctrlaltdel_reboot" selected="true"/>
-
-<select idref="service_postfix_enable" selected="true"/>
-<select idref="package_sendmail_removed" selected="true"/>
-
-<select idref="service_netconsole_disabled" selected="true"/>
-
-<select idref="disable_xwindows_with_runlevel" selected="true"/>
-<select idref="packagegroup_xwindows_remove" selected="true"/>
-<select idref="disable_dhcp_client" selected="true"/>
-<select idref="limiting_password_reuse" selected="true"/>
-
-<select idref="gid_passwd_group_same" selected="true"/>
-<select idref="account_unique_name" selected="true"/>
-
-<select idref="password_require_consecrepeat" selected="true"/>
-
-<select idref="no_files_unowned_by_user" selected="true"/>
-<select idref="no_files_unowned_by_group" selected="true"/>
-
-<select idref="aide_periodic_cron_checking" selected="true"/>
-<select idref="disable_users_coredumps" selected="true"/>
-<select idref="no_insecure_locks_exports" selected="true" />
-<select idref="configure_auditd_space_left_action" selected="true" />
-<select idref="configure_auditd_action_mail_acct" selected="true" />
-
-<select idref="kernel_module_bluetooth_disabled" selected="true"/>
-<select idref="kernel_module_usb-storage_disabled" selected="true"/>
-
-<select idref="max_concurrent_login_sessions" selected="true"/>
-<refine-value idref="max_concurrent_login_sessions_value" selector="10"/>
-
-<select idref="set_iptables_default_rule_forward" selected="true"/>
-
-<select idref="install_openswan" selected="true" />
-<select idref="enable_gdm_login_banner" selected="true" />
-
-<select idref="set_gdm_login_banner_text" selected="true" />
-<refine-value idref="login_banner_text" selector="dod_default"/>
-
-<select idref="service_bluetooth_disabled" selected="true" />
-<select idref="account_disable_post_pw_expiration" selected="true" />
-
-<select idref="sticky_world_writable_dirs" selected="true" />
-<select idref="world_writable_files_system_ownership" selected="true" />
-<select idref="tftpd_uses_secure_mode" selected="true" />
-
-<select idref="ftp_log_transactions" selected="true" />
-
-<select idref="user_umask_bashrc" selected="true" />
-<select idref="user_umask_cshrc" selected="true" />
-<select idref="user_umask_profile" selected="true" />
-<select idref="user_umask_logindefs" selected="true" />
-
-
-<refine-value idref="user_umask_value" selector="077"/>
-
-
-<select idref="set_daemon_umask" selected="true" />
-<refine-value idref="var_umask_for_daemons" selector="027"/>
-
-
-<select idref="no_netrc_files" selected="true" />
-
-<select idref="ftp_present_banner" selected="true" />
-
-<select idref="smartcard_auth" selected="true" />
-
-<!-- from inherited Rule, limiting_password_reuse -->
-<refine-value idref="password_history_retain_number" selector="24"/>
-
-<refine-value idref="var_password_max_age" selector="60"/>
-<!-- from inherited Rule, deny_password_attempts -->
-<refine-value idref="var_accounts_passwords_pam_faillock_deny" selector="3"/>
-</Profile>
diff --git a/RHEL6/input/profiles/stig-rhel6-server.xml
b/RHEL6/input/profiles/stig-rhel6-server.xml
new file mode 100644
index 0000000..354e887
--- /dev/null
+++ b/RHEL6/input/profiles/stig-rhel6-server.xml
@@ -0,0 +1,94 @@
+<Profile id="stig-rhel6-server" extends="common"
xmlns="http://checklists.nist.gov/xccdf/1.1" >
+<title>Pre-release Draft STIG for RHEL 6 Server</title>
+<description>This profile is being developed under the DoD consensus model to
become a STIG in coordination with DISA FSO.</description>
+
+<!-- DISA wants these to show up in the stig-table HTML
+ file. Need to XSLT them there
+<select idref="requirement_unclear" selected="true"/>
+<select idref="new_rule_needed" selected="true"/>
+<select idref="met_inherently" selected="true"/>
+<select idref="unmet_impractical_product" selected="true"/>
+<select idref="unmet_impractical_guidance" selected="true"/> -->
+
+<select idref="rpm_verify_permissions" selected="true"/>
+<select idref="rpm_verify_hashes" selected="true"/>
+<select idref="world_writeable_files" selected="true"/>
+
+<select idref="install_antivirus" selected="true"/>
+<select idref="install_hids" selected="true"/>
+
+<select idref="disable_ctrlaltdel_reboot" selected="true"/>
+
+<select idref="service_postfix_enable" selected="true"/>
+<select idref="package_sendmail_removed" selected="true"/>
+
+<select idref="service_netconsole_disabled" selected="true"/>
+
+<select idref="disable_xwindows_with_runlevel" selected="true"/>
+<select idref="packagegroup_xwindows_remove" selected="true"/>
+<select idref="disable_dhcp_client" selected="true"/>
+<select idref="limiting_password_reuse" selected="true"/>
+
+<select idref="gid_passwd_group_same" selected="true"/>
+<select idref="account_unique_name" selected="true"/>
+
+<select idref="password_require_consecrepeat" selected="true"/>
+
+<select idref="no_files_unowned_by_user" selected="true"/>
+<select idref="no_files_unowned_by_group" selected="true"/>
+
+<select idref="aide_periodic_cron_checking" selected="true"/>
+<select idref="disable_users_coredumps" selected="true"/>
+<select idref="no_insecure_locks_exports" selected="true" />
+<select idref="configure_auditd_space_left_action" selected="true" />
+<select idref="configure_auditd_action_mail_acct" selected="true" />
+
+<select idref="kernel_module_bluetooth_disabled" selected="true"/>
+<select idref="kernel_module_usb-storage_disabled" selected="true"/>
+
+<select idref="max_concurrent_login_sessions" selected="true"/>
+<refine-value idref="max_concurrent_login_sessions_value" selector="10"/>
+
+<select idref="set_iptables_default_rule_forward" selected="true"/>
+
+<select idref="install_openswan" selected="true" />
+<select idref="enable_gdm_login_banner" selected="true" />
+
+<select idref="set_gdm_login_banner_text" selected="true" />
+<refine-value idref="login_banner_text" selector="dod_default"/>
+
+<select idref="service_bluetooth_disabled" selected="true" />
+<select idref="account_disable_post_pw_expiration" selected="true" />
+
+<select idref="sticky_world_writable_dirs" selected="true" />
+<select idref="world_writable_files_system_ownership" selected="true" />
+<select idref="tftpd_uses_secure_mode" selected="true" />
+
+<select idref="ftp_log_transactions" selected="true" />
+
+<select idref="user_umask_bashrc" selected="true" />
+<select idref="user_umask_cshrc" selected="true" />
+<select idref="user_umask_profile" selected="true" />
+<select idref="user_umask_logindefs" selected="true" />
+
+
+<refine-value idref="user_umask_value" selector="077"/>
+
+
+<select idref="set_daemon_umask" selected="true" />
+<refine-value idref="var_umask_for_daemons" selector="027"/>
+
+
+<select idref="no_netrc_files" selected="true" />
+
+<select idref="ftp_present_banner" selected="true" />
+
+<select idref="smartcard_auth" selected="true" />
+
+<!-- from inherited Rule, limiting_password_reuse -->
+<refine-value idref="password_history_retain_number" selector="24"/>
+
+<refine-value idref="var_password_max_age" selector="60"/>
+<!-- from inherited Rule, deny_password_attempts -->
+<refine-value idref="var_accounts_passwords_pam_faillock_deny" selector="3"/>
+</Profile>
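Review bot: The `id` attribute is the name that scan commands and tailoring files use to select this baseline, and the new file carries no hint that it was previously `stig-server`. A consumer still referencing the old id would presumably get a lookup failure or, depending on the tool, no profile applied. A short comment above `<title>` would record the change: `<!-- Profile id was "stig-server" before the ${policy}-${software} naming scheme -->`. The rule selections and refine-values appear identical to the deleted file, so no change to the baseline itself is expected here.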
diff --git a/RHEL6/transforms/xccdf-addprofiles.xslt
b/RHEL6/transforms/xccdf-addprofiles.xslt
index 1d3dadc..eb8a326 100644
--- a/RHEL6/transforms/xccdf-addprofiles.xslt
+++ b/RHEL6/transforms/xccdf-addprofiles.xslt
@@ -12,7 +12,7 @@
<xsl:apply-templates
select="document('../input/profiles/desktop.xml')" />
<xsl:apply-templates
select="document('../input/profiles/server.xml')" />
<xsl:apply-templates select="document('../input/profiles/ftp.xml')"
/>
- <xsl:apply-templates
select="document('../input/profiles/STIG-server.xml')" />
+ <xsl:apply-templates
select="document('../input/profiles/stig-rhel6-server.xml')" />
</xsl:if>
</xsl:template>
--
1.7.1