Thank you for responding! I'm actually getting a bunch of unlinked files in my output directory. Should the usgcb file be usgcb-rhel6-server-xccdf.xml?
Luke ________________________________________ From: [email protected] [[email protected]] on behalf of Shawn Wells [[email protected]] Sent: Thursday, September 26, 2013 8:29 PM To: [email protected] Subject: EXTERNAL: Re: scan question On 9/26/13 1:16 PM, Kordell, Luke T wrote: Hello,. I recently downloaded the SCAP source code and noticed there were some additional profiles listed in the profiles folder. How can I run a scan against these profiles? For instance wen trying to run a scan against the usgcb-rhel6-server.xml (after successfully using oscap xccdf validate) I get an "unknown document type" error. I think this is because I'm using the stig profile and the ssg cpe dictionary. If so how can I add a usgcb profile and cpe dictionary to successfully scan against this profile? Thank you for the help. Good question! There are a few profiles in the RHEL6/input/profiles/ directory which are still being completed, for example the FISMA, and a few which likely should be deleted (e.g. desktop). To list out which profiles are compiled in: $ grep "<Profile" output/ssg-rhel6-xccdf.xml <Profile id="test"> <Profile id="CS2"> <Profile id="common"> <Profile id="desktop"> <Profile id="server"> <Profile id="ftp"> <Profile id="stig-rhel6-server"> Profile definitions from RHEL6/input/profiles/ are merged into the build process through the RHEL6/input/guide.xslt file: https://git.fedorahosted.org/cgit/scap-security-guide.git/tree/RHEL6/input/guide.xslt Since you're cloning the source (which is great!), I'll wager you're comfortable editing things. If you'd like to check out the (in progress) USGCB, add a line where you see the other apply-templates: <xsl:apply-templates select="document('profiles/usgcb-rhel6-server.xml')" /> From there, re-run 'make content' in the RHEL6 directory and you'll see an updated XCCDF in the output/ directory _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
