Hello list,
If someone wants to play with the DataStream file format which comes with the SCAP 1.2 specification, he (or she) can use the latest OpenSCAP to convert SSG to DataStream.
I have written step-by-step instructions on how to convert USGCB to DataStream: http://isimluk.livejournal.com/3660.html
Best regards,
On 4/24/13 6:36 AM, Simon Lukasik wrote:
> Hello list,
> If someone wants to play with the DataStream file format which comes with the SCAP 1.2 specification, he (or she) can use the latest OpenSCAP to convert SSG to DataStream.
> I have written step-by-step instructions on how to convert USGCB to DataStream: http://isimluk.livejournal.com/3660.html
> Best regards,
Thank you! I'm about to hop on a plane and will try this out.
$ oscap ds sds-compose output/ssg-rhel6-xccdf.xml ssg-rhel6-xccdf-ds.xml
File '/var/www/html/scap-security-guide/RHEL6/ssg-rhel6-xccdf-ds.xml' line 15609: Element '{http://checklists.nist.gov/xccdf/1.1}Benchmark': This element is not expected. Expected is one of ( {http://checklists.nist.gov/xccdf/1.2}Benchmark, {http://oval.mitre.org/XMLSchema/oval-definitions-5}oval_definitions, {http://scap.nist.gov/schema/ocil/2.0}ocil, {http://cpe.mitre.org/dictionary/2.0}cpe-list, {http://checklists.nist.gov/xccdf/1.2}Tailoring ).
Invalid SCAP Source Datastream content(1.2) in /var/www/html/scap-security-guide/RHEL6/ssg-rhel6-xccdf-ds.xml.
Clearly we have some items to clean up.
On 04/24/2013 01:44 PM, Shawn Wells wrote:
> On 4/24/13 6:36 AM, Simon Lukasik wrote:
>> Hello list,
>> If someone wants to play with the DataStream file format which comes with the SCAP 1.2 specification, he (or she) can use the latest OpenSCAP to convert SSG to DataStream.
>> I have written step-by-step instructions on how to convert USGCB to DataStream: http://isimluk.livejournal.com/3660.html
>> Best regards,
> Thank you! I'm about to hop on a plane and will try this out.
> $ oscap ds sds-compose output/ssg-rhel6-xccdf.xml ssg-rhel6-xccdf-ds.xml
> File '/var/www/html/scap-security-guide/RHEL6/ssg-rhel6-xccdf-ds.xml' line 15609: Element '{http://checklists.nist.gov/xccdf/1.1}Benchmark': This element is not expected. Expected is one of ( {http://checklists.nist.gov/xccdf/1.2}Benchmark, {http://oval.mitre.org/XMLSchema/oval-definitions-5}oval_definitions, {http://scap.nist.gov/schema/ocil/2.0}ocil, {http://cpe.mitre.org/dictionary/2.0}cpe-list, {http://checklists.nist.gov/xccdf/1.2}Tailoring ).
> Invalid SCAP Source Datastream content(1.2) in /var/www/html/scap-security-guide/RHEL6/ssg-rhel6-xccdf-ds.xml.
Have you perhaps skipped the second `xsltproc' command from the example?
""" within DataStream file format, there is only XCCDF 1.2 allowed """
On 4/24/13 1:28 PM, Simon Lukasik wrote:
> On 04/24/2013 01:44 PM, Shawn Wells wrote:
>> On 4/24/13 6:36 AM, Simon Lukasik wrote:
>>> Hello list,
>>> If someone wants to play with the DataStream file format which comes with the SCAP 1.2 specification, he (or she) can use the latest OpenSCAP to convert SSG to DataStream.
>>> I have written step-by-step instructions on how to convert USGCB to DataStream: http://isimluk.livejournal.com/3660.html
>>> Best regards,
>> Thank you! I'm about to hop on a plane and will try this out.
>> $ oscap ds sds-compose output/ssg-rhel6-xccdf.xml ssg-rhel6-xccdf-ds.xml
>> File '/var/www/html/scap-security-guide/RHEL6/ssg-rhel6-xccdf-ds.xml' line 15609: Element '{http://checklists.nist.gov/xccdf/1.1}Benchmark': This element is not expected. Expected is one of ( {http://checklists.nist.gov/xccdf/1.2}Benchmark, {http://oval.mitre.org/XMLSchema/oval-definitions-5}oval_definitions, {http://scap.nist.gov/schema/ocil/2.0}ocil, {http://cpe.mitre.org/dictionary/2.0}cpe-list, {http://checklists.nist.gov/xccdf/1.2}Tailoring ).
>> Invalid SCAP Source Datastream content(1.2) in /var/www/html/scap-security-guide/RHEL6/ssg-rhel6-xccdf-ds.xml.
> Have you perhaps skipped the second `xsltproc' command from the example?
> """ within DataStream file format, there is only XCCDF 1.2 allowed """
There's a bit of cleanup still needed within our XCCDF. I won't have time to look into this for a few days, if anyone else is feeling ambitious....
[shawn@rhel6 output]$ xsltproc --stringparam reverse_DNS com.madethisup \
    /usr/share/openscap/xsl/xccdf_1.1_to_1.2.xsl \
    ssg-rhel6-xccdf.xml > ssg-rhel6-xccdf-1.2.xml
[shawn@rhel6 output]$ oscap xccdf validate ssg-rhel6-xccdf-1.2.xml
File 'ssg-rhel6-xccdf-1.2.xml' line 248: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': 'dangling reference to sysctl_net_ipv4_icmp_ignore_bogus_error_messages_value!' is not a valid value of the atomic type 'xs:NCName'.
File 'ssg-rhel6-xccdf-1.2.xml' line 248: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': Warning: No precomputed value available, the value was either invalid or something strange happend.
File 'ssg-rhel6-xccdf-1.2.xml' line 487: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': 'dangling reference to sysctl_net_ipv4_icmp_ignore_bogus_error_messages_value!' is not a valid value of the atomic type 'xs:NCName'.
File 'ssg-rhel6-xccdf-1.2.xml' line 487: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': Warning: No precomputed value available, the value was either invalid or something strange happend.
File 'ssg-rhel6-xccdf-1.2.xml' line 707: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': 'dangling reference to sysctl_net_ipv4_icmp_ignore_bogus_error_messages_value!' is not a valid value of the atomic type 'xs:NCName'.
File 'ssg-rhel6-xccdf-1.2.xml' line 707: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': Warning: No precomputed value available, the value was either invalid or something strange happend.
File 'ssg-rhel6-xccdf-1.2.xml' line 932: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': 'dangling reference to sysctl_net_ipv4_icmp_ignore_bogus_error_messages_value!' is not a valid value of the atomic type 'xs:NCName'.
File 'ssg-rhel6-xccdf-1.2.xml' line 932: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': Warning: No precomputed value available, the value was either invalid or something strange happend.
File 'ssg-rhel6-xccdf-1.2.xml' line 1191: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': 'dangling reference to sysctl_net_ipv4_icmp_ignore_bogus_error_messages_value!' is not a valid value of the atomic type 'xs:NCName'.
File 'ssg-rhel6-xccdf-1.2.xml' line 1191: Element '{http://checklists.nist.gov/xccdf/1.2}refine-value', attribute 'idref': Warning: No precomputed value available, the value was either invalid or something strange happend.
Invalid XCCDF Checklist content(1.2) in ssg-rhel6-xccdf-1.2.xml.
scap-security-guide@lists.fedorahosted.org
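
A pre-conversion check for the two failures seen in this thread (an XCCDF 1.1 Benchmark handed to `oscap ds sds-compose`, and Profile value references reported as dangling after the 1.1-to-1.2 transform). This is an added example, not part of the original messages and not OpenSCAP code; the sample document and all function names are constructed for illustration, and only `refine-value`/`set-value` references are checked.

```python
import xml.etree.ElementTree as ET

XCCDF_NS = {"1.1": "http://checklists.nist.gov/xccdf/1.1",
            "1.2": "http://checklists.nist.gov/xccdf/1.2"}

# Constructed sample (not SSG content): one refine-value resolves, one does not.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <Profile id="common">
    <refine-value idref="defined_value" selector="1"/>
    <refine-value idref="missing_value" selector="1"/>
  </Profile>
  <Group id="g1">
    <Value id="defined_value"><value>0</value></Value>
  </Group>
</Benchmark>"""

def xccdf_version(root):
    """Return '1.1' or '1.2' from the Benchmark namespace, else None."""
    for version, ns in XCCDF_NS.items():
        if root.tag == "{%s}Benchmark" % ns:
            return version
    return None

def dangling_value_refs(root):
    """List (profile id, element, idref) for value references with no target."""
    ns = root.tag[1:root.tag.index("}")] if root.tag.startswith("{") else None
    q = lambda name: "{%s}%s" % (ns, name) if ns else name
    # A value reference may name a Value id or a Value's cluster-id.
    targets = set()
    for value in root.iter(q("Value")):
        targets.update(filter(None, (value.get("id"), value.get("cluster-id"))))
    problems = []
    for profile in root.iter(q("Profile")):
        for child in profile:
            name = child.tag.split("}")[-1]
            if name in ("refine-value", "set-value") and child.get("idref") not in targets:
                problems.append((profile.get("id"), name, child.get("idref")))
    return problems

def report(xml_text):
    """Parse an XCCDF document and return (version, dangling references)."""
    root = ET.fromstring(xml_text)
    return xccdf_version(root), dangling_value_refs(root)

if __name__ == "__main__":
    version, problems = report(SAMPLE)
    print("XCCDF version:", version, "(a source DataStream accepts only 1.2)")
    for profile, element, idref in problems:
        print("profile %s: <%s idref=%r> has no matching Value" % (profile, element, idref))
```

Running it against the 1.1 source before `xsltproc` lists each unresolved reference once per Profile, so the source can be fixed before conversion and validation.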