On Saturday, April 06, 2013 4:30 PM, Shawn Wells wrote:
> On Apr 6, 2013, at 8:08 AM, Simon Lukasik <[email protected]> wrote:
>
> > On 04/05/2013 09:08 PM, Francisco Slavin wrote:
> >> If all of the bash scripts will live within one XCCDF XML file, each
> >> in discrete <fix> tags, I'm not sure what approach the community
> >> would like to take regarding function re-use. It seems like some
> >> pre-processing may be necessary; i.e. resolve the source operator
> >> before inserting the script content into the <fix> tag. The goal is
> >> to only have one copy of a specific function saved in the SSG repo
> >> but to be able to use it for multiple <fix>es which differ only in
> >> one parameter.
> >
> > Maybe the text substitution of <plain-text> could be considered for
> > this task. According to NISTIR-7275r4, the <xccdf:sub> element within
> > <xccdf:fix> may refer to the <xccdf:plain-text> element.
> >
> > Hence, SSG may use plain-text elements for definition of common
> > scripts or functions. And only refer to such single plain-text from
> > all of the Rules.
> >
> > The example of <plain-text> usage is in OpenSCAP unittests at:
> >
> > http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unittests/test_remediation_subs_plain_text.xccdf.xml
> >
> > and
> >
> > http://git.fedorahosted.org/cgit/openscap.git/tree/tests/API/XCCDF/unittests/
>
> This is fantastic, thank you Simon! I went through your unit test scripts and
> got a few ideas on improving SSG (outside of remediation).
>
> I won't get a chance to try this until late Sunday, but we should easily be able
> to transform "functions" as existing in current Tresys scripts. Someone feel
> free to shoot out a first draft/patch!

The <plain-text> usage does look like an excellent approach here. I'll try to find some time today to hack together a patch based on the scripts I sent previously.

- Francisco
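
The substitution discussed in this thread, sketched as an added example (not code from the thread, OpenSCAP or SSG): one bash function is stored once in a <plain-text> element and pulled into two <fix> scripts through <sub idref="...">. The benchmark, its ids and the `set_sysctl` function are constructed for illustration; the resolver handles only <plain-text> references, although <sub> may also refer to a <Value>.

```python
import xml.etree.ElementTree as ET

NS = "{http://checklists.nist.gov/xccdf/1.2}"

# Constructed sample benchmark: one bash function stored once in <plain-text>,
# pulled into two <fix> scripts that differ only in the parameter they pass.
BENCHMARK = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2"
    id="xccdf_org.example_benchmark_demo">
  <status>draft</status>
  <plain-text id="fn_set_sysctl">set_sysctl() {
  sysctl -q -w "$1=$2"
  sed -i "/^$1[ =]/d" /etc/sysctl.conf
  echo "$1 = $2" >> /etc/sysctl.conf
}</plain-text>
  <version>0.1</version>
  <Rule id="xccdf_org.example_rule_no_ip_forward">
    <title>Disable IP forwarding</title>
    <fix system="urn:xccdf:fix:script:sh"><sub idref="fn_set_sysctl"/>
set_sysctl net.ipv4.ip_forward 0</fix>
  </Rule>
  <Rule id="xccdf_org.example_rule_no_redirects">
    <title>Ignore ICMP redirects</title>
    <fix system="urn:xccdf:fix:script:sh"><sub idref="fn_set_sysctl"/>
set_sysctl net.ipv4.conf.all.accept_redirects 0</fix>
  </Rule>
</Benchmark>"""


def resolve_fixes(xml_text):
    """Map each Rule id to its fix script with <sub> replaced by <plain-text>."""
    root = ET.fromstring(xml_text)
    plain = {p.get("id"): p.text or "" for p in root.iter(NS + "plain-text")}
    scripts = {}
    for rule in root.iter(NS + "Rule"):
        fix = rule.find(NS + "fix")
        if fix is None:
            continue
        parts = [fix.text or ""]
        for child in fix:
            ref = child.get("idref")
            if child.tag != NS + "sub" or ref not in plain:
                # Fail loudly: a fix missing its shared function must not run.
                raise KeyError(f"{rule.get('id')}: unresolved reference {ref!r}")
            parts.append(plain[ref] + (child.tail or ""))
        scripts[rule.get("id")] = "".join(parts)
    return scripts
```

Printing `resolve_fixes(BENCHMARK)` shows each rule's complete script: the shared function body followed by that rule's single call line.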
