Looks like the customization you made cannot be validated against the XCCDF schema. You would have to look at the schema to see how the <ident> element is defined. Keep in mind that any customization you make will have to be within the defined construct of <ident>.
Thanks, Wei Chen | Security Engineer | Office of Information Security (OIS) | U.S. Census Bureau [email protected] census.gov Connect with us on Social Media ------------------------------ Date: Tue, 12 Jan 2016 07:04:29 -0000 From: [email protected] Subject: Adding Custom "ident" Sources in shorthand XCCDFs To: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset="utf-8" Hi all, as briefly mentioned already in yesterdays’ Contributor Workshop, our customer wants to enrich the SSG content by adding references to their internal security requirements. I wonder how I could add my own Security Identifiers, because when trying to simply add e.g. a „customerident“ attribute into the shorthand XCCDF as per below, my build fails with: [...] xmllint --format --output output/shorthand.xml output/shorthand.xml xsltproc --stringparam ssg_version "0.1.27" -o output/xccdf-unlinked-unresolved.xml transforms/shorthand2xccdf.xslt output/shorthand.xml oscap xccdf resolve -o output/xccdf-unlinked-empty-groups.xml output/xccdf-unlinked-unresolved.xml File 'output/xccdf-unlinked-unresolved.xml' line 153: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing. File 'output/xccdf-unlinked-unresolved.xml' line 167: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing. File 'output/xccdf-unlinked-unresolved.xml' line 182: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing. File 'output/xccdf-unlinked-unresolved.xml' line 190: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing. Invalid XCCDF Checklist content(1.1) in output/xccdf-unlinked-unresolved.xml. ../../shared/product-make.include:60: recipe for target 'output/xccdf-unlinked-empty-groups.xml' failed make: *** [output/xccdf-unlinked-empty-groups.xml] Error 1 Do I have to „register“/„declare“ the new identifier type, and if so where and how? Example of what I'm trying to achieve: <Rule id="sshd_allow_only_protocol2"> <title>My Title</title> <description>My description</description> <rationale>My rationale</rationale> <ident cce="27072-8" customerident="1234" stig="RHEL-06-000227"/> <oval id="sshd_allow_only_protocol2"/> <ref disa="776,774,1436" nist="AC-3(10),IA-5(1)(c)"/> </Rule> Any pointers highly appreciated :-) ! Thanks & regards Oliver ------------------------------ Subject: Digest Footer -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/ ------------------------------ End of scap-security-guide Digest, Vol 53, Issue 2 ************************************************** -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
