Running 'make' / 'make shorthand2xccdf' on current RHEL-7 content returns:
# make shorthand2xccdf xsltproc -o output/rhel7-shorthand.xml input/guide.xslt input/guide.xml input/services/ssh.xml:389: parser error : Double hyphen within comment: <!-- <ident cce="RHEL7-CCE-TBD" /> <! <!-- <oval id="sshd_strengthen_firewall" /> --> ^ input/services/dhcp.xml:157: parser error : Double hyphen within comment: <!--<ident cce="RHEL7-CCE-TBD" /> <ident cce="RHEL7-CC <!--<oval id="dhcp_server_minimize_served_info" /> --> ^ input/services/dhcp.xml:279: parser error : Double hyphen within comment: <!--<ident cce="RHEL7-CCE-TBD" /> <! <!--<oval id="dhcp_client_restrict_options" /> --> ^ Fix the issues by adding missing enclosing comments (after the change 'make shorthand2xccdf' on RHEL-7 content doesn't issue errors anymore). Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
From 3573e8496086efb41fc4c03a2e63bf9502ca1794 Mon Sep 17 00:00:00 2001 From: Jan Lieskovsky <[email protected]> Date: Fri, 10 Jan 2014 15:44:53 +0100 Subject: [PATCH] [RHEL-7] Silence three 'Double hyphen within comment' RHEL-7 make shorthand2xccdf parser errors Signed-off-by: Jan Lieskovsky <[email protected]> --- RHEL/7/input/services/dhcp.xml | 4 ++-- RHEL/7/input/services/ssh.xml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/RHEL/7/input/services/dhcp.xml b/RHEL/7/input/services/dhcp.xml index 93472ec..4c2bab7 100644 --- a/RHEL/7/input/services/dhcp.xml +++ b/RHEL/7/input/services/dhcp.xml @@ -153,7 +153,7 @@ usually static across machines at a given site.</warning> <ident cce="RHEL7-CCE-TBD" /> <ident cce="RHEL7-CCE-TBD" /> <ident cce="RHEL7-CCE-TBD" /> -<ident cce="RHEL7-CCE-TBD" /> +<ident cce="RHEL7-CCE-TBD" /> --> <!--<oval id="dhcp_server_minimize_served_info" /> --> <ref nist="CM-7" /> </Group> @@ -275,7 +275,7 @@ protocol is not in use. It is necessary to supersede settings for unused services so that they cannot be set by a hostile DHCP server. If an option is set to an empty string, dhclient will typically not attempt to configure the service.</warning> -<!--<ident cce="RHEL7-CCE-TBD" /> +<!--<ident cce="RHEL7-CCE-TBD" /> --> <!--<oval id="dhcp_client_restrict_options" /> --> <!--<ref nist="CM-7" /> --> </Group> diff --git a/RHEL/7/input/services/ssh.xml b/RHEL/7/input/services/ssh.xml index c25b6e9..7c9fb7f 100644 --- a/RHEL/7/input/services/ssh.xml +++ b/RHEL/7/input/services/ssh.xml @@ -385,7 +385,7 @@ and replace it with: <rationale> Restricting SSH access to only trusted network segments reduces exposure of the SSH server to attacks from unauthorized networks.</rationale> -<!-- <ident cce="RHEL7-CCE-TBD" /> +<!-- <ident cce="RHEL7-CCE-TBD" /> --> <!-- <oval id="sshd_strengthen_firewall" /> --> </Group> -- 1.8.3.1
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
