Hi all,
as briefly mentioned already in yesterday's Contributor Workshop,
our customer wants to enrich the SSG content by adding references to their internal security requirements.
I wonder how I could add my own Security Identifiers, because when trying to simply add e.g. a "customerident" attribute into the shorthand XCCDF as per below,
my build fails with:
[...]
xmllint --format --output output/shorthand.xml output/shorthand.xml
xsltproc --stringparam ssg_version "0.1.27" -o output/xccdf-unlinked-unresolved.xml transforms/shorthand2xccdf.xslt output/shorthand.xml
oscap xccdf resolve -o output/xccdf-unlinked-empty-groups.xml output/xccdf-unlinked-unresolved.xml
File 'output/xccdf-unlinked-unresolved.xml' line 153: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 167: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 182: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 190: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing.
Invalid XCCDF Checklist content(1.1) in output/xccdf-unlinked-unresolved.xml.
../../shared/product-make.include:60: recipe for target 'output/xccdf-unlinked-empty-groups.xml' failed
make: *** [output/xccdf-unlinked-empty-groups.xml] Error 1
Do I have to "register"/"declare" the new identifier type, and if so where and how?
Example of what I'm trying to achieve:
<Rule id="sshd_allow_only_protocol2">
  <title>My Title</title>
  <description>My description</description>
  <rationale>My rationale</rationale>
  <ident cce="27072-8" customerident="1234" stig="RHEL-06-000227"/>
  <oval id="sshd_allow_only_protocol2"/>
  <ref disa="776,774,1436" nist="AC-3(10),IA-5(1)(c)"/>
</Rule>
Any pointers highly appreciated :-) !
Thanks & regards
Oliver
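
Added example, not part of the original message or of the SSG build: the oscap error above reports only line numbers, so this Python check lists which Rule each `ident` without a `system` attribute belongs to. The function name and the sample XML are constructed for illustration; the sample assumes the transform emits the unrecognised attribute as a bare `ident` element, as the error suggests.

```python
import xml.etree.ElementTree as ET

# Namespace taken from the oscap error message in the post.
XCCDF_NS = "http://checklists.nist.gov/xccdf/1.1"

# Constructed sample of generated XCCDF 1.1 output (not from a real build).
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <Group id="services">
    <Rule id="sshd_allow_only_protocol2">
      <title>My Title</title>
      <ident system="http://cce.mitre.org">27072-8</ident>
      <ident>1234</ident>
    </Rule>
    <Rule id="constructed_other_rule">
      <title>Other</title>
      <ident system="http://cce.mitre.org">00000-0</ident>
    </Rule>
  </Group>
</Benchmark>"""


def idents_missing_system(xccdf_text):
    """Return (rule_id, ident_text) for each <ident> that has no 'system' attribute.

    XCCDF 1.1 requires 'system' on every ident, so each hit corresponds to
    one "attribute 'system' is required but missing" line from oscap.
    """
    root = ET.fromstring(xccdf_text)
    findings = []
    for rule in root.iter(f"{{{XCCDF_NS}}}Rule"):
        for ident in rule.findall(f"{{{XCCDF_NS}}}ident"):
            if ident.get("system") is None:
                findings.append((rule.get("id"), (ident.text or "").strip()))
    return findings


if __name__ == "__main__":
    # For a real build, read output/xccdf-unlinked-unresolved.xml instead of SAMPLE.
    for rule_id, value in idents_missing_system(SAMPLE):
        print(f"Rule {rule_id}: ident '{value}' has no system attribute")
```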