Hello list,
In the current content there seems to be mixed two approaches how to devise the ident:
(1) <ident system="http://cce.mitre.org">4365-3</ident> (2) <ident system="http://cce.mitre.org">CCE-4112-9</ident>
I would like to not mix two. For instance usgsb-for-rhel5-desktop uses exclusively the latter one. Even thought in the second approach there seems to be kind of duplicity, I prefer it.
Would be a patch converting (1) to (2) acceptable for you?
-- Simon Lukasik
Sure, I'd be happy to take that and apply it (and the argument for continuity from RHEL 5 USGCB makes sense). It should just be a tweak to shorthand2xccdf.xslt to add "CCE-" (and maybe then some tweaks to then remove "CCE-" for the transforms that create tables, where it doesn't need to be shown).
We're also working on the CCE issue, as new CCEs may be issued for RHEL6 (vs RHEL 5).
Thanks, Jeff
On 03/30/2012 08:32 AM, Simon Lukasik wrote:
Hello list,
In the current content there seems to be mixed two approaches how to devise the ident:
(1)<ident system="http://cce.mitre.org">4365-3</ident> (2)<ident system="http://cce.mitre.org">CCE-4112-9</ident>
I would like to not mix two. For instance usgsb-for-rhel5-desktop uses exclusively the latter one. Even thought in the second approach there seems to be kind of duplicity, I prefer it.
Would be a patch converting (1) to (2) acceptable for you?
-- Simon Lukasik _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/scap-security-guide
On 03/30/2012 04:58 PM, Jeffrey Blank wrote:
Sure, I'd be happy to take that and apply it (and the argument for continuity from RHEL 5 USGCB makes sense).
Great.
It should just be a tweak to
shorthand2xccdf.xslt to add "CCE-" (and maybe then some tweaks to then remove "CCE-" for the transforms that create tables, where it doesn't need to be shown).
I am attaching such patch.
The only problem I can see is that it produces also "CCE-TODO". We may want to comment these TODO out. Assuming that 0 idents per Rule is valid scenario.
We're also working on the CCE issue, as new CCEs may be issued for RHEL6 (vs RHEL 5).
Thanks, Jeff
On 03/30/2012 08:32 AM, Simon Lukasik wrote:
Hello list,
In the current content there seems to be mixed two approaches how to devise the ident:
(1)<ident system="http://cce.mitre.org">4365-3</ident> (2)<ident system="http://cce.mitre.org">CCE-4112-9</ident>
I would like to not mix two. For instance usgsb-for-rhel5-desktop uses exclusively the latter one. Even thought in the second approach there seems to be kind of duplicity, I prefer it.
Would be a patch converting (1) to (2) acceptable for you?
-- Simon Lukasik
scap-security-guide@lists.fedorahosted.org