From 4f22aa7e9c2f85ec1a93e7723f1d9ada3c417c6a Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <[email protected]>
Date: Thu, 12 Sep 2013 17:34:09 +0200
Subject: [PATCH 0/8] Introduce FEDORA directory skeleton and transform scripts. Include start up 'test' profile having two gpgcheck scans

The presented patchset introduces FEDORA (sub)directory structure,
and related scripts / transformations, necessary to start developing
Fedora SCAP SSG content.

The FEDORA (sub)directory structure is sketched on the scheme below:

FEDORA/
├── input
│   ├── checks
│   │   ├── ensure_gpgcheck_never_disabled.xml
│   │   ├── installed_OS_is_fedora19.xml
│   │   ├── platform
│   │   │   └── fedora-cpe-dictionary.xml
│   │   └── yum_gpgcheck_global_activation.xml
│   ├── guide.xml
│   ├── guide.xslt
│   ├── intro
│   │   └── intro.xml
│   ├── profiles
│   │   └── test.xml
│   └── system
│       ├── software
│       │   ├── software.xml
│       │   └── updating.xml
│       └── system.xml
├── Makefile
├── output
├── README
├── scap-security-guide.spec
├── transforms
│   ├── combinechecks.py
│   ├── constants.xslt
│   ├── cpe_generate.py
│   ├── idtranslate.py
│   ├── idtranslate.pyc
│   ├── relabelids.py
│   ├── shorthand2xccdf.xslt
│   ├── xccdf-removeaux.xslt
│   └── xccdf-removetested.xslt
└── utils
    ├── README
    └── verify-references.py

10 directories, 25 files

The 'checks' subdirectory contains two gpgcheck related scans, and
test if the underlying host is Fedora 19.

'guide.xml, guide.xslt', content of 'intro', and 'system' directories
is dedicated for creation of resulting fedora-19-guide.html file.

'input/profiles/test.xml' is the definition of the 'test' profile itself
(currently having just two rules). To be gradually enhanced on one-new-test
per ~3 days basis.

'Makefile' contains rules necessary for generation of Fedora OVAL, XCCDF,
CPE dictionary, and dist information. The generated content will be
stored in the 'output' directory.

README provides information about directory structure (what can be found /
should be stored where when enhancing the content).

scap-security-guide.spec file is new spec file, which is dedicated for
purpose of building Fedora source RPM and RPM packages, from the actual
content (see also added 'fedora-tarball', 'fedora-srpm', and 'fedora-rpm'
rules to the main Makefile).

'transforms' directory contains Python language scripts and XSLT transformation
files, necessary for building Fedora OVAL, XCCDF, and HTML guide content.

Finally, the 'utils' directory contains Python scripts necessary for generated
XML files validation (just the verify-references.py script is included for now).

The above directory structure is intended to be Fedora SCAP content skeleton
structure. More content (rules, profiles, etc.) will be gradually provided
in upcoming commits.

Please review the proposed changes and let me know your opinion.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

Jan Lieskovsky (8):
  Add Makefile, main README, and scap-security-guide.spec file, that
    will be used for building Fedora scap-security-guide (source) RPM
    package.
  Add FEDORA input/checks subdir content - Fedora-19 system detection
    and oval definitions for two gpgcheck related tests. Include Fedora
    CPE dictionary too.
  Add Fedora-19 basic guide XML (and corresponding XSLT) files.
  Add Introduction XML file, test profile XML definition, and System
    Settings XML file.
  Add 'Installing and Maintaining Software' and 'Updating Software' XML
    files.
  Add transformation *.py scripts and *.xslt content, required for
    building Fedora's XCCDF, OVAL, and guide content.
  Add verify-references.py testing script (required for validation of
    generated XML files), and corresponding README file for it.
  Update main Makefile with FEDORA_SPEC, FEDORA_RPM_DEPS variables, and
    fedora-tarball, fedora-srpm, and fedora-rpm rules definition, so it
    would be possible to create Fedora (source) RPM package from FEDORA
    directory content.

FEDORA/Makefile | 58 +++
FEDORA/README | 30 ++
.../checks/ensure_gpgcheck_never_disabled.xml | 29 ++
FEDORA/input/checks/installed_OS_is_fedora19.xml | 41 ++
.../checks/platform/fedora-cpe-dictionary.xml | 10 +
.../checks/yum_gpgcheck_global_activation.xml | 25 ++
FEDORA/input/guide.xml | 40 ++
FEDORA/input/guide.xslt | 148 ++++++
FEDORA/input/intro/intro.xml | 167 +++++++
FEDORA/input/profiles/test.xml | 8 +
FEDORA/input/system/software/software.xml | 8 +
FEDORA/input/system/software/updating.xml | 72 +++
FEDORA/input/system/system.xml | 4 +
FEDORA/scap-security-guide.spec | 53 +++
FEDORA/transforms/combinechecks.py | 79 ++++
FEDORA/transforms/constants.xslt | 21 +
FEDORA/transforms/cpe_generate.py | 112 +++++
FEDORA/transforms/idtranslate.py | 138 ++++++
FEDORA/transforms/relabelids.py | 108 +++++
FEDORA/transforms/shorthand2xccdf.xslt | 494 +++++++++++++++++++++
FEDORA/transforms/xccdf-removeaux.xslt | 22 +
FEDORA/transforms/xccdf-removetested.xslt | 20 +
FEDORA/utils/README | 24 +
FEDORA/utils/verify-references.py | 185 ++++++++
Makefile | 42 ++
25 files changed, 1938 insertions(+)
create mode 100644 FEDORA/Makefile
create mode 100644 FEDORA/README
create mode 100644 FEDORA/input/checks/ensure_gpgcheck_never_disabled.xml
create mode 100644 FEDORA/input/checks/installed_OS_is_fedora19.xml
create mode 100644 FEDORA/input/checks/platform/fedora-cpe-dictionary.xml
create mode 100644 FEDORA/input/checks/yum_gpgcheck_global_activation.xml
create mode 100644 FEDORA/input/guide.xml
create mode 100644 FEDORA/input/guide.xslt
create mode 100644 FEDORA/input/intro/intro.xml
create mode 100644 FEDORA/input/profiles/test.xml
create mode 100644 FEDORA/input/system/software/software.xml
create mode 100644 FEDORA/input/system/software/updating.xml
create mode 100644 FEDORA/input/system/system.xml
create mode 100644 FEDORA/scap-security-guide.spec
create mode 100755 FEDORA/transforms/combinechecks.py
create mode 100644 FEDORA/transforms/constants.xslt
create mode 100755 FEDORA/transforms/cpe_generate.py
create mode 100755 FEDORA/transforms/idtranslate.py
create mode 100755 FEDORA/transforms/relabelids.py
create mode 100644 FEDORA/transforms/shorthand2xccdf.xslt
create mode 100644 FEDORA/transforms/xccdf-removeaux.xslt
create mode 100644 FEDORA/transforms/xccdf-removetested.xslt
create mode 100644 FEDORA/utils/README
create mode 100755 FEDORA/utils/verify-references.py
--
1.7.11.7
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide