On 11/16/12 10:20 PM, Michele Newman wrote:
RHEL6/input/profiles/STIG-server.xml | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/RHEL6/input/profiles/STIG-server.xml b/RHEL6/input/profiles/STIG-server.xml index b9709bd..280d092 100644 --- a/RHEL6/input/profiles/STIG-server.xml +++ b/RHEL6/input/profiles/STIG-server.xml @@ -2,6 +2,11 @@
<title>Pre-release Draft STIG for RHEL 6 Server</title> <description>This profile is being developed under the DoD consensus model to become a STIG in coordination with DISA FSO.</description>
+<select idref="requirement_unclear" selected="true"/> +<select idref="new_rule_needed" selected="true"/> +<select idref="met_inherently" selected="true"/> +<select idref="unmet_impractical_product" selected="true"/> +<select idref="unmet_impractical_guidance" selected="true"/>
<select idref="rpm_verify_permissions" selected="true"/> <select idref="rpm_verify_hashes" selected="true"/> <select idref="world_writeable_files" selected="true"/>
Undoing this, as these rules are not actual XCCDF and break things:
oscap xccdf eval --profile stig-server --cpe RHEL6/output/ssg-rhel6-cpe-dictionary.xml RHEL6/output/ssg-rhel6-xccdf.xml ... OpenSCAP Error: Selector ID(unmet_impractical_guidance) does not exist in Benchmark. [xccdf_policy.c:2207]
Please make sure to compile and run a scan to ensure patches don't bork things up ;)