Hi Shawn, Do you think it would be possible to add that logic to xccdf2html.xslt? The transforms applied by OpenSCAP for rhel6-guide.html result ok. I honestly would like to try to fix this (it should be somewhere in OpenSCAP’s XSL), but I lack XSL knowledge…
Regards From: [email protected] [mailto:[email protected]] On Behalf Of Shawn Wells Sent: sábado, 7 de Junho de 2014 07:23 To: [email protected] Subject: Re: [PATCH] Replace constants for profile value in XCCDF descriptions On 6/4/14, 3:04 AM, Rui Pedro Bernardino wrote: Hi (…) Patch generates some whitespace errors: $ git apply /tmp/rui1.patch /tmp/rui1.patch:156: trailing whitespace. module. In the file <tt>/etc/pam.d/system-auth</tt>, append <tt>remember=<sub idref="var_password_history_retain_limit" /></tt> to the /tmp/rui1.patch:382: trailing whitespace. Set this to <tt><sub idref="var_auditd_space_left_action"/></tt> (instead of the default which is <tt>suspend</tt>) warning: 2 lines add whitespace errors. Not sure what this means. I’m new to git and my dev system cannot send e-mails to the Internet; some of the submit steps are manual, perhaps I messed things up. Sorry. (…) ..... the XCCD variable does not get populated here. It does get populated on eval reports and on guides. However it doesn’t populate on table-* files so it may need a few adjustments. I'm running `make content` and checking the rhel6-guide-custom.html for proper values. For example: http://people.redhat.com/swells/scap-security-guide/RHEL/6/output/rhel6-guide-custom.html#auditd_data_retention_space_left_action Set this to (instead of the default which is suspend) as it is more likely to get prompt attention. Acceptable values also include suspend, single, andhalt. The underlying code has "Set this to <tt><sub idref="var_auditd_space_left_action"/></tt> (instead of the default which is <tt>suspend</tt>"... the variable isn't getting expanded in the guides. Note if I generate the checklist everything is OK.... just having this problem with the guide. I'm using: $ rpm -qa openscap openscap-utils openscap-utils-1.0.8-1.el6_5.x86_64 openscap-1.0.8-1.el6_5.x86_64 Same here. Did these substitutions work for you? I’ve been using this for quite some time on our profiles (we have our own policies). I think this behavior is better than using text (eg) “The DoD requirement is 14. The FISMA requirement is 12. (…)” or having sysadmins figure out the specific compliance values elsewhere. Regards _______________________________________________ scap-security-guide mailing list [email protected]<mailto:[email protected]> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide -- Shawn Wells Director, Innovation Programs [email protected]<mailto:[email protected]> | 443.534.0130 @shawndwells
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
