Thomas, I am going to offer an answer but I am not 100% certain it is correct.
At the start of each XCCDF XML file is a section that defines profiles using the <profile> tag. Within each profile tag is a list of rules that are checked (eg, selected=true) for that profile. To my knowledge, it is the setting in the profile tag overrides the selected=true in the actual rule. I found this counter intuitive to my experience with CSS in which the inline setting overrides the top of file setting. But from another perspective of you are evaluating the defined profile rather than a singe rule, so the order of overrides make sense. Greg Elin P: 917-304-3488 E: [email protected] Sent from my iPhone > On Jun 4, 2015, at 4:26 AM, thomas belarbi <[email protected]> wrote: > > Hello, > > I'm working currently on secure OS and I' ve to enforce a CentOS 7 > I get with yum the package scap-security-guide. > I adapt xml files (XCCDF) to work with CentOS 7 > I pass all the rule at "selected='true'" in different files : XCCDF, OVAL > I execute a run with oscap xccdf eval --profile "rht-ccp" > > I obtain 42 passed , 48 failed and 304 other > The "Other" are "notchecked" > > The current engine support all the rules ? Or not ? > > I assumed that the rule is postionned to "notchecked" if there is nothing to > check. > So , for example, I install "Squid" and rerun a global check and the rule > "Disable Squid", "Uninstall Squid" are still "notchecked" > > Can you guide me with my problem ? > > Thank you very very much if you can > > Thomas > > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
