Signed-off-by: Jeffrey Blank blank@eclipse.ncsc.mil --- RHEL6/Makefile | 2 +- RHEL6/transforms/constants.xslt | 1 + RHEL6/transforms/shorthand2xccdf.xslt | 33 ++++++++++++++++++---- RHEL6/transforms/xccdf2table-profileccirefs.xslt | 2 +- 4 files changed, 30 insertions(+), 8 deletions(-)
diff --git a/RHEL6/Makefile b/RHEL6/Makefile index 8049db1..27464bd 100644 --- a/RHEL6/Makefile +++ b/RHEL6/Makefile @@ -95,7 +95,7 @@ eval-ftp: oscap xccdf eval --profile ftp $(OUT)/rhel6-xccdf-$(ID).xml
eval-common: - oscap xccdf eval --profile common --results /tmp/results-test.xml $(OUT)/rhel6-xccdf-$(ID).xml + oscap xccdf eval --profile common --oval-results --results /tmp/results-test.xml $(OUT)/rhel6-xccdf-$(ID).xml
# items in dist are expected for distribution in an rpm dist: tables guide content diff --git a/RHEL6/transforms/constants.xslt b/RHEL6/transforms/constants.xslt index 29ce690..3159cc9 100644 --- a/RHEL6/transforms/constants.xslt +++ b/RHEL6/transforms/constants.xslt @@ -14,4 +14,5 @@
<xsl:variable name="ovaluri">http://oval.mitre.org/XMLSchema/oval-definitions-5</xsl:variable> <xsl:variable name="ociluri">http://www.mitre.org/ocil/2</xsl:variable> +<xsl:variable name="ociltransitional">ocil-transitional</xsl:variable> </xsl:stylesheet> diff --git a/RHEL6/transforms/shorthand2xccdf.xslt b/RHEL6/transforms/shorthand2xccdf.xslt index 200fb37..d899f48 100644 --- a/RHEL6/transforms/shorthand2xccdf.xslt +++ b/RHEL6/transforms/shorthand2xccdf.xslt @@ -166,12 +166,18 @@ exclude-result-prefixes="xccdf xhtml"> </xsl:template>
- <!-- expand reference to OCIL (inline) --> + <!-- expand reference to would-be OCIL (inline) --> <xsl:template match="Rule/ocil"> <check> - <xsl:attribute name="system"> - <xsl:value-of select="$ociluri" /> - </xsl:attribute> + <xsl:attribute name="system">ocil-transitional</xsl:attribute> + <xsl:if test="@clause"> + <check-export> + <xsl:attribute name="export-name">clause</xsl:attribute> + <xsl:attribute name="value-id"> + <xsl:value-of select="@clause" /> + </xsl:attribute> + </check-export> + </xsl:if> <check-content> <xsl:apply-templates select="node()"/> </check-content> @@ -205,10 +211,20 @@ exclude-result-prefixes="xccdf xhtml"> xhtml:pre# chkconfig <xsl:value-of select="@service"/> on</xhtml:pre> </xsl:template>
+ <xsl:template match="package-install-macro"> + The xhtml:code<xsl:value-of select="@package"/></xhtml:code> package can be installed with the following command: + xhtml:pre# yum install <xsl:value-of select="@package"/></xhtml:pre> + </xsl:template> + + <xsl:template match="package-remove-macro"> + The xhtml:code<xsl:value-of select="@package"/></xhtml:code> package can be removed with the following command: + xhtml:pre# yum erase <xsl:value-of select="@package"/></xhtml:pre> + </xsl:template> + <xsl:template match="partition-check-macro"> Run the following command to verify that xhtml:code<xsl:value-of select="@part"/></xhtml:code> lives on its own partition: - xhtml:pre# df -h <xsl:value-of select="@part"/> | grep "<xsl:value-of select="@part"/>"</xhtml:pre> - It will return a line for "<xsl:value-of select="@part"/>" if it is on its own partition. + xhtml:pre# df -h <xsl:value-of select="@part"/> </xhtml:pre> + It will return a line for xhtml:code<xsl:value-of select="@part"/></xhtml:code> if it is on its own partition. </xsl:template>
<xsl:template match="service-disable-check-macro"> @@ -225,6 +241,11 @@ exclude-result-prefixes="xccdf xhtml"> If the service is enabled, it should return: xhtml:pre<xsl:value-of select="@service"/> is running...</xhtml:pre> </xsl:template>
+ <xsl:template match="package-check-macro"> + Run the following command to determine if the xhtml:code<xsl:value-of select="@package"/></xhtml:code> package is installed: + xhtml:pre# rpm -q <xsl:value-of select="@package"/></xhtml:pre> + </xsl:template> + <!-- CORRECTING TERRIBLE ABUSE OF NAMESPACES BELOW --> <!-- (expanding xhtml tags back into the xhtml namespace) --> <xsl:template match="br"> diff --git a/RHEL6/transforms/xccdf2table-profileccirefs.xslt b/RHEL6/transforms/xccdf2table-profileccirefs.xslt index f5d22c1..1d9758f 100644 --- a/RHEL6/transforms/xccdf2table-profileccirefs.xslt +++ b/RHEL6/transforms/xccdf2table-profileccirefs.xslt @@ -147,7 +147,7 @@
<xsl:template match="cdf:check"> - <xsl:if test="@system=$ociluri"> + <xsl:if test="@system=$ociltransitional"> <xsl:apply-templates select="cdf:check-content" /> </xsl:if> <xsl:if test="@system=$ovaluri">