Adding Custom "ident" Sources in shorthand XCCDFs

Mon, 11 Jan 2016 23:05:22 -0800 

Hi all,

as briefly mentioned already in yesterdays’ Contributor Workshop,
our customer wants to enrich the SSG content by adding references to their 
internal security requirements.

I wonder how I could add my own Security Identifiers, because when trying to 
simply add e.g. a „customerident“ attribute into the shorthand XCCDF as per 
below,
my build fails with:

[...]
xmllint --format --output output/shorthand.xml output/shorthand.xml
xsltproc --stringparam ssg_version "0.1.27" -o 
output/xccdf-unlinked-unresolved.xml transforms/shorthand2xccdf.xslt 
output/shorthand.xml
oscap xccdf resolve -o output/xccdf-unlinked-empty-groups.xml 
output/xccdf-unlinked-unresolved.xml
File 'output/xccdf-unlinked-unresolved.xml' line 153: Element 
'{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is 
required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 167: Element 
'{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is 
required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 182: Element 
'{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is 
required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 190: Element 
'{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is 
required but missing.
Invalid XCCDF Checklist content(1.1) in output/xccdf-unlinked-unresolved.xml.
../../shared/product-make.include:60: recipe for target 
'output/xccdf-unlinked-empty-groups.xml' failed
make: *** [output/xccdf-unlinked-empty-groups.xml] Error 1

Do I have to „register“/„declare“ the new identifier type, and if so where and 
how?

Example of what I'm trying to achieve:

 <Rule id="sshd_allow_only_protocol2">
   <title>My Title</title>
   <description>My description</description>
   <rationale>My rationale</rationale>
   <ident cce="27072-8" customerident="1234" stig="RHEL-06-000227"/>
   <oval id="sshd_allow_only_protocol2"/>
   <ref disa="776,774,1436" nist="AC-3(10),IA-5(1)(c)"/>
 </Rule>

Any pointers highly appreciated :-) !

Thanks & regards
Oliver
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
https://github.com/OpenSCAP/scap-security-guide/

Reply via email to