Mapped CCI 382 which requires "The operating system must configure the information system to specifically prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services" to all the disable service xyz rules in base. Then make validate was making me sad with the following errors so I cleaned it up.
oscap xccdf validate-xml output/rhel6-xccdf-scap-security-guide.xml
1 1877 In file 'output/rhel6-xccdf-scap-security-guide.xml' on line 237: Element '{http://checklists.nist.gov/xccdf/1.1}refine-value': Duplicate key-sequence ['var_umask_for_daemons'] in unique identity-constraint '{http://checklists.nist.gov/xccdf/1.1}refineValueKey'.
1 1877 In file 'output/rhel6-xccdf-scap-security-guide.xml' on line 261: Element '{http://checklists.nist.gov/xccdf/1.1}refine-value': Duplicate key-sequence ['password_history_retain_number'] in unique identity-constraint '{http://checklists.nist.gov/xccdf/1.1}refineValueKey'.
1 1871 In file 'output/rhel6-xccdf-scap-security-guide.xml' on line 3212: Element '{http://checklists.nist.gov/xccdf/1.1}Value': This element is not expected. Expected is ( {http://checklists.nist.gov/xccdf/1.1}signature ).
oscap was unable to validate the XML document you provided.

Kevin Spargur (3):
  Removed duplicate entries causing make validate to fail
  Added some spacing to remove a make validate error
  Mapped CCI382 to several disable service xyz rules

 RHEL6/input/profiles/common.xml | 4 ---
 RHEL6/input/services/base.xml | 46 +++++++++++++++++-----------------
 RHEL6/input/system/accounts/pam.xml | 4 +-
 3 files changed, 25 insertions(+), 29 deletions(-)

--
1.7.7.6
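
The refineValueKey errors quoted above can be caught before running oscap by checking each Profile for repeated refine-value entries. The following is an added example, not part of the original message or of the scap-security-guide code; it assumes the uniqueness key is the idref attribute, and the sample profile, rule id and selector values are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Namespace taken from the oscap error messages quoted in the message.
XCCDF_NS = "http://checklists.nist.gov/xccdf/1.1"

# Constructed sample (not the project's common.xml): the "common" profile
# refines var_umask_for_daemons twice, which refineValueKey rejects.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="demo">
  <Profile id="common">
    <select idref="service_xyz_disabled" selected="true"/>
    <refine-value idref="var_umask_for_daemons" selector="022"/>
    <refine-value idref="password_history_retain_number" selector="24"/>
    <refine-value idref="var_umask_for_daemons" selector="027"/>
  </Profile>
  <Profile id="other">
    <refine-value idref="var_umask_for_daemons" selector="022"/>
  </Profile>
</Benchmark>"""


def duplicate_refine_values(xml_text):
    """Return {profile_id: [idref, ...]} for idrefs refined more than once
    inside the same Profile. The same idref in two different Profiles is
    allowed, because the constraint is scoped to a single Profile."""
    root = ET.fromstring(xml_text)
    findings = {}
    # iter() also yields the root, so a bare <Profile> document works too.
    for profile in root.iter(f"{{{XCCDF_NS}}}Profile"):
        refs = [rv.get("idref", "")
                for rv in profile.findall(f"{{{XCCDF_NS}}}refine-value")]
        dups = sorted(ref for ref, n in Counter(refs).items() if n > 1)
        if dups:
            findings[profile.get("id")] = dups
    return findings


if __name__ == "__main__":
    for pid, dups in duplicate_refine_values(SAMPLE).items():
        print(f"Profile {pid}: duplicate refine-value idref(s): {', '.join(dups)}")
```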