RE: EXTERNAL: Re: scan question

[Kordell, Luke T]

Hi, 

     I double-checked to make sure I added the correct line to the guide.xslt 
file but when I greped the ssg-rhel6=xccdf.xml file it did not return the usgcb 
file. I wish I could pull the latest update and patches quickly but am unable 
to do so with my RHEL machine at the moment.  

Basically what I'm trying to do is find a good starting-point for a completely 
customized profile that calls a particular set of rules I will define. I think 
I need to conduct a little more research to make-sure I fully understand how to 
use the scripts to generate OVAL content and how to create a profile. I think I 
have the rule creation/adding part down. Can you point me in the right 
direction? 

As always thank you for the assistance! 

Luke K 
________________________________________
From: scap-security-guide-boun...@lists.fedorahosted.org 
[scap-security-guide-boun...@lists.fedorahosted.org] on behalf of Shawn Wells 
[sh...@redhat.com]
Sent: Sunday, September 29, 2013 8:16 PM
To: scap-security-guide@lists.fedorahosted.org
Subject: Re: EXTERNAL: Re: scan question

On 9/27/13 6:11 PM, Kordell, Luke T wrote:

Thank you for responding!  I'm actually getting a bunch of unlinked files in my 
output directory.

The Make process involves several iterative XSLT transforms, which generate the 
unlinked-* files. If you're looking for something usable, they can be 
completely ignored.

The final content is reflected in the ssg-rhel6-* files under the output/ 
directory after you do a 'make content'.  Alternatively, you could do a 'make 
dist' which may be easier to consume:

[shawn@SSG-RHEL6 RHEL6]$ pwd
/var/www/html/scap-security-guide/RHEL6

[shawn@SSG-RHEL6 RHEL6]$ make dist
...... build process runs .....

[shawn@SSG-RHEL6 RHEL6]$ ll dist/
total 12
drwxrwxr-x. 2 shawn shawn 4096 Sep 29 22:06 content
drwxrwxr-x. 2 shawn shawn 4096 Sep 29 22:06 guide
drwxrwxr-x. 2 shawn shawn 4096 Sep 29 22:06 policytables
[shawn@SSG-RHEL6 RHEL6]$ ll dist/content/
total 1892
-rw-rw-r--. 1 shawn shawn     600 Sep 29 22:07 ssg-rhel6-cpe-dictionary.xml
-rw-rw-r--. 1 shawn shawn    3640 Sep 29 22:07 ssg-rhel6-cpe-oval.xml
-rw-rw-r--. 1 shawn shawn  751809 Sep 29 22:07 ssg-rhel6-oval.xml
-rw-rw-r--. 1 shawn shawn 1172552 Sep 29 22:07 ssg-rhel6-xccdf.xml



Should the usgcb file be usgcb-rhel6-server-xccdf.xml?

The profile will be included within ssg-rhel6-xccdf.xml. You could verify that 
by grepping the ssg-rhel6-xccdf.xml file:

$ grep "<Profile" output/ssg-rhel6-xccdf.xml
  <Profile id="test">
  <Profile id="CS2">
  <Profile id="common">
  <Profile id="desktop">
  <Profile id="server">
  <Profile id="ftp">
  <Profile id="stig-rhel6-server">
  <Profile id="usgcb-rhel6-server">




Note that the USGCB is *very* rough and does not [yet] reflect a comprehensive 
profile. But if people are willing to test it, then it makes sense to begin 
including it... lemme whip up a patch....

Shawn
_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide