Hi, Was the commenting out result of some evaluation substituting specified values? Is there a step to revert this substitution (to have a roundtrip) ?
Jan On Mar 18, 2014, at 10:46, Simon Lukasik wrote: > Hello, > > I have noticed that in the content there is often xccdf:sub element > commented out (or even omitted). I wonder why these elements are > commented out. I thought, perhaps there was some problem in OpenSCAP > which have hold you from usage of sub elements. > > As a reminder, xccdf:sub elements can be used within a Rule's title, > description, or fix elements. Each xccdf:sub element refers to a XCCDF > variable. The value of variable depends on selected profile. During a > content processing, the xccdf:sub elements shall get resolved according > to the profile. > > I have recently reviewed and fixed OpenSCAP and SCAP-Workbench tools in > regard to the xccdf:sub processing. Please consider using/uncommneting > xccdf:sub elements. > > The following snippets from ssg-rhel6-xccdf.xml illustrate the current > (non-)usage of sub elements: > > (1) > PASS_MIN_LEN 14<!-- <sub > idref="var_accounts_password_minlen_login_defs"> --> > > (2) > the following lines in <xhtml:code>/etc/default/useradd</xhtml:code>, > substituting > <xhtml:code><i > xmlns="http://www.w3.org/1999/xhtml";>NUM_DAYS</i></xhtml:code> > appropriately: > <pre xmlns="http://www.w3.org/1999/xhtml";>INACTIVE=<i>NUM_DAYS</i></pre> > > (3) > to require differing > characters when changing passwords, substituting <i > xmlns="http://www.w3.org/1999/xhtml";>NUM</i> appropriately. > The DoD requirement is <xhtml:code>4</xhtml:code>. > > (4) > umask 077<!-- <sub idref="var_accounts_user_umask" /> --> > > (5) > Modify the following line, > substituting <i xmlns="http://www.w3.org/1999/xhtml";>ACTION</i> > appropriately: > <pre xmlns="http://www.w3.org/1999/xhtml";>space_left_action = > <i>ACTION</i></pre> > Possible values for <i xmlns="http://www.w3.org/1999/xhtml";>ACTION</i> > are described in the <xhtml:code>auditd.conf</xhtml:code> man page. > > -- > Simon Lukasik > Security Technologies, Red Hat, Inc. > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide Jan Ruzicka Senior Software Engineer Comtech Mobile Datacom Corporation 20430 Century Blvd, Germantown, MD 20874 Office: 240-686-3300 Fax: 240-686-3301 The information contained in this message may be privileged and/or confidential. If you are not the intended recipient, or responsible for delivering this message to the intended recipient, any review, forwarding, dissemination, distribution or copying of this communication or any attachment(s) is strictly prohibited. If you have received this message in error, please so notify the sender immediately, and delete it and all attachments from your computer and network. _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
