[PATCH] transform designed to remove the 'tested by' information
by David Smith
---
RHEL6/transforms/xccdf-removetested.xslt | 23 +++++++++++++++++++++++
1 files changed, 23 insertions(+), 0 deletions(-)
create mode 100644 RHEL6/transforms/xccdf-removetested.xslt
diff --git a/RHEL6/transforms/xccdf-removetested.xslt b/RHEL6/transforms/xccdf-removetested.xslt
new file mode 100644
index 0000000..e94f3da
--- /dev/null
+++ b/RHEL6/transforms/xccdf-removetested.xslt
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:dc="http://purl.org/dc/elements/1.1/"
+xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf">
+
+<!-- This transform removes test contributor information from the XCCDF document. -->
+
+
+ <!-- remove the test contributor name from final output -->
+ <xsl:template match="dc:contributor">
+ </xsl:template>
+
+ <!-- remove the test contribution date from final output -->
+ <xsl:template match="dc:date">
+ </xsl:template>
+
+ <!-- copy everything else through to final output -->
+ <xsl:template match="@*|node()">
+ <xsl:copy>
+ <xsl:apply-templates select="@*|node()" />
+ </xsl:copy>
+ </xsl:template>
+
+</xsl:stylesheet>
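Review bot: the two empty templates, match="dc:contributor" and match="dc:date", are unscoped, so they drop every Dublin Core contributor and date element anywhere in the XCCDF document, not only the ones that carry the 'tested by' information. If dc:date or dc:contributor is also used elsewhere in the benchmark, those elements disappear silently; consider qualifying each match with the parent element that holds the tested-by data. Separately, xmlns:xhtml is declared but never used, and exclude-result-prefixes="xccdf" has no effect here because the stylesheet emits no literal result elements.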
--
1.7.1
10 years, 10 months
[PATCH] Removing a newline to fix XHTML formatting
by Maura Dailey
'<fix>' tags were surrounded with newlines in the final XHTML, which made formatting
and padding uneven. This tiny fix leaves the initial and final newlines, but doesn't
add additional newlines to the end of the body of the fix block. The resulting XHTML
looks a little strange in source but displays properly.
It's possible to remove the newline in the first out.write() call to create a neater
solution in source with no surrounding blank lines at all, but this requires that the
XSL transforms which create the final XHTML guide be edited as well. (The <code>
tags normally inserted by the XSL transforms for <fix> tags in dbout.html for
db:programlisting have to be removed.)
Signed-off-by: Maura Dailey <maura(a)eclipse.ncsc.mil>
---
RHEL6/transforms/combinefixes.py | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/RHEL6/transforms/combinefixes.py b/RHEL6/transforms/combinefixes.py
index 307cac3..f9d8b7f 100755
--- a/RHEL6/transforms/combinefixes.py
+++ b/RHEL6/transforms/combinefixes.py
@@ -32,7 +32,7 @@ def main():
body = body + encode(f.read())
fixName = os.path.splitext(filename)[0]
out.write("<fix rule=\""+fixName+"\">\n")
- out.write(body+"\n")
+ out.write(body.rstrip())
out.write("</fix>\n")
out.write(fixGroupFooter)
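Review bot: body.rstrip() with no argument strips all trailing whitespace (spaces, tabs, blank lines), not only the newline the commit message describes, and the closing </fix> now follows the last character of the fix body directly. If only the final newline is meant to go, body.rstrip("\n") states that intent; it is also worth confirming that whatever consumes the <fix> text copes with a script whose last line has no terminating newline.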
@@ -45,7 +45,7 @@ def main():
body = body + encode(f.read())
fixName = os.path.splitext(filename)[0]
out.write("<fix-common id=\""+fixName+"\">\n")
- out.write(body+"\n")
+ out.write(body.rstrip())
out.write("</fix-common>\n")
out.write(fixCommonGroupFooter)
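Review bot: this repeats the one-line change from the <fix> loop in a second copy of the same write logic; a small helper taking the element name, attribute name, fixName and body would keep the two paths from drifting apart. In the context lines, fixName is concatenated into the id attribute unescaped while body goes through encode(), so a file name containing a double quote or < would yield malformed XML; escaping the name before writing it would close that gap.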
--
1.7.1
10 years, 10 months
[PATCH 0/2] *** SUBJECT HERE ***
by Jeffrey Blank
*** BLURB HERE ***
Jeffrey Blank (2):
removed obsolete LDAP guidance, checks
deletion of manual audit profile, OVAL for obsolete ldap server
checks
RHEL6/input/checks/iptables_ldap_enabled.xml | 68 ----
.../ldap_server_config_bdb_file_security.xml | 22 --
.../ldap_server_config_certificate_files.xml | 242 --------------
.../ldap_server_config_directory_file_security.xml | 22 --
RHEL6/input/checks/ldap_server_config_logging.xml | 115 -------
.../input/checks/ldap_server_config_olcaccess.xml | 56 ---
.../input/checks/ldap_server_config_olcrootpw.xml | 32 --
.../ldap_server_config_olcsecurity_simple_bind.xml | 31 --
.../checks/ldap_server_config_olcsecurity_tls.xml | 31 --
.../input/checks/ldap_server_config_olcsuffix.xml | 31 --
.../ldap_server_config_olctlsciphersuite.xml | 36 --
RHEL6/input/profiles/manual_audits.xml | 39 ---
RHEL6/input/services/ldap.xml | 351 ++-----------------
13 files changed, 37 insertions(+), 1039 deletions(-)
delete mode 100644 RHEL6/input/checks/iptables_ldap_enabled.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_bdb_file_security.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_certificate_files.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_directory_file_security.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_logging.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_olcaccess.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_olcrootpw.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_olcsecurity_simple_bind.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_olcsecurity_tls.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_olcsuffix.xml
delete mode 100644 RHEL6/input/checks/ldap_server_config_olctlsciphersuite.xml
delete mode 100644 RHEL6/input/profiles/manual_audits.xml
10 years, 10 months
scap-security-guide v0.1-10 released -- now with JBossEAP5!
by Shawn Wells
Friends,
A rebase of the scap-security-guide RPM was *long* overdue! Please
see the "Consume" section of the project wiki for download information:
https://fedorahosted.org/scap-security-guide/
Highlights of SSG v0.1-10 include:
- JBossEAP5 content! Utilizing content from the SCAP Security Guide
project, on 29-JAN-2013 Red Hat corporately submitted paperwork to DISA
FSO to begin the JBossEAP5 STIG process. SSG v0.1-10 reflects the OCIL,
OVAL, and XCCDF content of this submission. Please refer to
/usr/share/xml/scap/ssg/guide/JBossEAP5_Guide.html for details. We look
forward to your feedback via the SSG mailing list! [1]
- `man scap-security-guide` now provides sample usage of the content.
- Several bugfixes relating to OVAL content. Many thanks to Brian
Millet, Kenneth Stailey, Logan Rodrian, and all other members of the SSG
community for the reports and patches!
- The RHEL6 STIG profile was renamed "stig-rhel6-server"
- A RHEL6 checklist has been included
(/usr/share/xml/scap/ssg/guidestig-rhel6-server-guide.html). This
outlines what specific rules are currently part of the profile.
- A number of updates against NIST 800-53 mappings have been completed.
Please see files under /usr/share/xml/scap/ssg/policytables/.
[1] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
10 years, 11 months
[PATCH 0/3] changing some Rules to Groups
by Jeffrey Blank
Some prose from another source was added to the project as Rules and not as
Groups. As the original author of that source text, the intent was to educate
users for some special use cases and not to create compliance requirements. If
a compliance purpose is deemed necessary for those particular special-case
items, they would also need to be rewritten in a far more granular fashion.
Jeffrey Blank (3):
removed alt-titles-stig file, which is superseded by the stig-overlay
file
changed some iptables and ipv6 Rules to Groups
removed use of non-granular and special-case Rules from some Profiles
10 years, 11 months