On 9/16/13 11:13 PM, Jeffrey Blank wrote:
It passes my visual inspection for sanity.  That said, we're
definitely gonna want to run "make validate" to see if anything got
mismatched.  There's a lot of renaming going on...

Should be good. XCCDF <rule> matches called <oval>, which matches profile XCCDF call outs:

[shawn@SSG-RHEL6 input]$ grep -rin no_files_unowned_by_user *
auxiliary/stig_overlay.xml:666: <overlay owner="disastig" ruleid="no_files_unowned_by_user" ownerid="RHEL-06-000300" disa="224" severity="low">
checks/no_files_unowned_by_user.xml:3: id="no_files_unowned_by_user" version="1">
checks/no_files_unowned_by_user.xml:15: test_ref="test_no_files_unowned_by_user" />
checks/no_files_unowned_by_user.xml:20: id="test_no_files_unowned_by_user" version="1">
checks/no_files_unowned_by_user.xml:25: <unix:object object_ref="obj_no_files_unowned_by_user" />
checks/no_files_unowned_by_user.xml:26: <unix:state state_ref="state_no_files_unowned_by_user" />
checks/no_files_unowned_by_user.xml:29: id="state_no_files_unowned_by_user" version="1">
checks/no_files_unowned_by_user.xml:33: id="obj_no_files_unowned_by_user" version="1">
checks/testids.ini:63:test_no_files_unowned_by_user = 264
checks/testids.ini:120:state_no_files_unowned_by_user = 266
checks/testids.ini:126:no_files_unowned_by_user = 263
checks/testids.ini:134:obj_no_files_unowned_by_user = 265
profiles/stig-rhel6-server.xml:33:<select idref="no_files_unowned_by_user" selected="true"/>
profiles/fisma-medium-rhel6-server.xml:60:<select idref="no_files_unowned_by_user" selected="true" />
profiles/usgcb-rhel6-server.xml:54:<select idref="no_files_unowned_by_user" selected="true" />
profiles/nist-CL-IL-AL.xml:155:<select idref="no_files_unowned_by_user" selected="true" \>
profiles/CS2.xml:65:<select idref="no_files_unowned_by_user" selected="true" />
system/permissions/files.xml:435:<Rule id="no_files_unowned_by_user">
system/permissions/files.xml:458:<oval id="no_files_unowned_by_user" />



The two OVAL definition errors are due to local changes:

[shawn@SSG-RHEL6 RHEL6]$ make validate
oscap xccdf validate-xml output/ssg-rhel6-xccdf.xml
oscap oval validate-xml output/ssg-rhel6-oval.xml
oscap oval validate-xml output/ssg-rhel6-cpe-oval.xml
cd output; ../utils/verify-references.py --rules-with-invalid-checks --ovaldefs-unused ssg-rhel6-xccdf.xml
Invalid OVAL definition referenced by XCCDF Rule: set_gdm_login_banner_text
Invalid OVAL definition referenced by XCCDF Rule: disable_logwatch_for_logserver
OVAL Check is not referenced by XCCDF: oval:ssg:def:1166
OVAL Check is not referenced by XCCDF: oval:ssg:def:279
OVAL Check is not referenced by XCCDF: oval:ssg:def:432
OVAL Check is not referenced by XCCDF: oval:ssg:def:616
oscap oval validate-xml --schematron output/ssg-rhel6-oval.xml
<?xml version="1.0"?>
DEPRECATED OBJECT: ind:environmentvariable_object ID: oval:ssg:obj:2123

Invalid OVAL Definition content(5.10) in output/ssg-rhel6-oval.xml.
make: *** [validate] Error 2

_______________________________________________
scap-security-guide mailing list
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
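
The cross-check done with grep in the message above (Rule id, its <oval> reference, the check's definition id, and the profile <select> call-outs), as an added example that is not part of the original message and is not the project's verify-references.py. All XML fragments are constructed; the <definition> element name, the file names other than no_files_unowned_by_user, and the finding labels are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed fragments modelled on the grep output above; not the real SSG input.
GUIDE = """<Group id="files">
  <Rule id="no_files_unowned_by_user"><oval id="no_files_unowned_by_user" /></Rule>
  <Rule id="example_renamed_rule"><oval id="example_old_check_name" /></Rule>
</Group>"""
CHECKS = [  # one string per checks/*.xml file (hypothetical layout)
    '<def-group><definition id="no_files_unowned_by_user" version="1" /></def-group>',
    '<def-group><definition id="example_orphan_check" version="1" /></def-group>',
]
PROFILES = {  # profile file name -> content
    "example-profile.xml": """<Profile id="example">
      <select idref="no_files_unowned_by_user" selected="true" />
      <select idref="example_stale_rule_name" selected="true" />
    </Profile>""",
}

def check_references(guide_xml, check_xmls, profile_xmls):
    """Return (kind, subject, detail) tuples for every id that no longer lines up."""
    # Map each XCCDF Rule id to the OVAL definition id it calls (None if no check).
    rules = {}
    for rule in ET.fromstring(guide_xml).iter("Rule"):
        oval = rule.find("oval")
        rules[rule.get("id")] = oval.get("id") if oval is not None else None
    definitions = {d.get("id") for xml in check_xmls
                   for d in ET.fromstring(xml).iter("definition")}
    findings = []
    # A Rule whose <oval> points at a definition that does not exist (missed rename).
    for rule_id, oval_id in sorted(rules.items()):
        if oval_id is not None and oval_id not in definitions:
            findings.append(("invalid-oval-ref", rule_id, oval_id))
    # A definition no Rule calls: dead check, or the old half of a rename.
    for def_id in sorted(definitions - set(rules.values())):
        findings.append(("unused-oval-def", def_id, None))
    # A profile <select> naming a Rule id that is not in the guide.
    for name, xml in sorted(profile_xmls.items()):
        for sel in ET.fromstring(xml).iter("select"):
            if sel.get("idref") not in rules:
                findings.append(("unknown-profile-select", name, sel.get("idref")))
    return findings

if __name__ == "__main__":
    for finding in check_references(GUIDE, CHECKS, PROFILES):
        print(finding)
```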
