On 07/02/2015 11:54 AM, Šimon Lukašík wrote:
Hello XCCDF-Dev!
I am not sure whether this is the place to report issues against
XCCDF standard, XCCDF schema in particular, but I will take my
chances.
Ján Lieskovský (CC-ed) has found that XSD schema validation will
not always detect malformed XCCDF. Having good XSD schema is
critical for SCAP content authors at SCAP-Security-Guide project.
They use XSD schemas to ensure reasonable quality of their output.
The following case was not detected by XCCDF XSD validation:
XCCDF: https://isimluk.fedorapeople.org/ssg-rhel7-xccdf.xml
The PCI-DSS profile contains:
<select idref="service_chronyd_enabled" selected="true"/>
However, the content does not include Rule/Group element with such
ID. Similar defects of XCCDF content usually get caught by XSD.
What do you think?

Just catching up…
I had done something similar quite a few years ago (2008): https://xml.garygapinski.com/XCCDF/xccdf-1.1.4-exp.xsd.
Can likely revive this or work on SSG-related schemata improvements.
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
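
The dangling `<select idref>` reported in this thread can be caught by a referential check run alongside XSD validation. The Python below is an added example, not part of the original messages or of the SSG/OpenSCAP code; the function names and the inline sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the SSG file): one select points at a missing Rule.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <Profile id="pci-dss">
    <select idref="service_chronyd_enabled" selected="true"/>
    <select idref="service_sshd_enabled" selected="true"/>
    <select idref="services" selected="true"/>
  </Profile>
  <Group id="services">
    <Rule id="service_sshd_enabled"/>
  </Group>
</Benchmark>"""


def local(tag):
    """Strip the '{namespace}' prefix so XCCDF 1.1 and 1.2 are both handled."""
    return tag.rsplit("}", 1)[-1]


def dangling_selects(xccdf_text):
    """Return (profile id, idref) pairs whose idref matches no Rule or Group."""
    root = ET.fromstring(xccdf_text)
    known = set()
    for el in root.iter():
        if local(el.tag) in ("Rule", "Group"):
            # XCCDF also lets a select target a cluster-id, so accept those
            # as well to avoid false positives.
            for attr in ("id", "cluster-id"):
                if el.get(attr):
                    known.add(el.get(attr))
    missing = []
    for profile in root.iter():
        if local(profile.tag) != "Profile":
            continue
        for sel in profile:
            if local(sel.tag) == "select" and sel.get("idref") not in known:
                missing.append((profile.get("id"), sel.get("idref")))
    return missing


if __name__ == "__main__":
    for profile_id, idref in dangling_selects(SAMPLE):
        print(f"Profile {profile_id}: select idref '{idref}' has no Rule/Group")
```
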