Ok, so I've a rhel-6.3 system
[root@localhost checks]# uname -r
2.6.32-279.19.1.el6.x86_64
[root@localhost checks]# rpm -qa | grep libxslt
libxslt-1.1.26-2.el6_3.1.x86_64
I've been looking at the RHEL6/input/checks to see how it is done, and I
wanted to test the checks. So following the documentation
https://fedorahosted.org/scap-security-guide/wiki/newoval, I ran
'sshd_idle_timeout_value=30 ./testcheck.py sshd_idle_timeout.xml' and got
the following error:
[root@localhost checks]# sshd_idle_timeout_value=30 ./testcheck.py sshd_idle_timeout.xml
external_variable with id : sshd_idle_timeout_value
Evaluating with OVAL tempfile : /tmp/sshd_idle_timeoutUDK_FW.xml
File '/tmp/sshd_idle_timeoutUDK_FW.xml' line 7: Element '{http://oval.mitre.org/XMLSchema/oval-definitions-5}definition', attribute 'id': [facet 'pattern'] The value 'oval:oval:scap-security-guide.testing:def:108' is not accepted by the pattern 'oval:[A-Za-z0-9_\-\.]+:def:[1-9][0-9]*'.
Looking into the code, I see that idtranslate.idtranslator already is
adding the namespace to the id:
str_id = "%s:%s:%s:%d" % (namespace_to_prefix(tagname), self.content_id, tagname_to_abbrev(tagname), i)
So the 'oval:oval:scap-security-guide.testing:def:108' being generated is
redundant. The following patch fixes that.
[root@localhost checks]# diff -wruN testcheck.py.orig ./testcheck.py
--- testcheck.py.orig 2013-02-05 10:54:44.579854555 -0600
+++ ./testcheck.py 2013-02-05 10:54:57.889884072 -0600
@@ -102,7 +102,7 @@
if element.getchildren():
ovaltree.append(element)
# re-map all the element ids from meaningful names to meaningless
numbers
- testtranslator = idtranslate.idtranslator("testids.ini",
"oval:scap-security-guide.testing")
+ testtranslator = idtranslate.idtranslator("testids.ini",
"scap-security-guide.testing")
ovaltree = testtranslator.translate(ovaltree)
(ovalfile, fname) = tempfile.mkstemp(prefix=defname,suffix=".xml")
os.write(ovalfile, ET.tostring(ovaltree))
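Review bot: At the changed idtranslate.idtranslator(...) call, nothing records that the second argument has to be passed without the "oval:" prefix, so the same doubled id can come back the next time this line is edited. Add a short comment at the call saying the prefix is added by idtranslate (the str_id format string quoted in the message does it), or have idtranslator reject a content id that already starts with "oval:" so the mistake fails before the tempfile reaches the evaluator.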
so now
[root@localhost checks]# sshd_idle_timeout_value=30 ./testcheck.py sshd_idle_timeout.xml
external_variable with id : sshd_idle_timeout_value
Evaluating with OVAL tempfile : /tmp/sshd_idle_timeoutt_n33_.xml
Definition oval:scap-security-guide.testing:def:111: false
Definition oval:scap-security-guide.testing:def:109: false
Definition oval:scap-security-guide.testing:def:108: false
Evaluation done.
--
Brian Millett
"Shifts in paradigms
often cause nose bleeds."
Greg Glenn
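
The id check behind the schema error in the message above, as an added example that is not part of the original post or of testcheck.py: it walks an OVAL tree and reports every id the pattern rejects, before the file is handed to the evaluator. build_id, kind_of, check_ids and sample_doc are hypothetical names, the sample document is constructed, and the tst/obj/ste/var patterns are assumed to differ from the quoted def pattern only in the abbreviation.

```python
import re
import xml.etree.ElementTree as ET

# Definition pattern quoted in the schema error above; the tst/obj/ste/var
# forms are assumed to differ only in the abbreviation.
ID_PATTERN = r"oval:[A-Za-z0-9_\-\.]+:%s:[1-9][0-9]*"
KINDS = {"definition": "def", "test": "tst", "object": "obj",
         "state": "ste", "variable": "var"}
NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"

def build_id(content_id, abbrev, number):
    """Hypothetical stand-in for the str_id format string in idtranslate."""
    return "%s:%s:%s:%d" % ("oval", content_id, abbrev, number)

def kind_of(tag):
    """'{ns}textfilecontent54_test' -> 'tst'; None for other elements."""
    local = tag.rsplit("}", 1)[-1]
    for name, abbrev in KINDS.items():
        if local == name or local.endswith("_" + name):
            return abbrev
    return None

def check_ids(xml_text):
    """Return (id, reason) for each element id the pattern would reject."""
    problems = []
    for elem in ET.fromstring(xml_text).iter():
        abbrev, oval_id = kind_of(elem.tag), elem.get("id")
        if abbrev is None or oval_id is None:
            continue
        if re.fullmatch(ID_PATTERN % abbrev, oval_id):
            continue
        doubled = oval_id.startswith("oval:oval:")
        problems.append((oval_id, "doubled 'oval:' prefix" if doubled
                         else "does not match id pattern"))
    return problems

def sample_doc(content_id):
    """Constructed minimal OVAL skeleton using ids built from content_id."""
    return ('<oval_definitions xmlns="%s"><definitions>'
            '<definition id="%s" version="1" class="compliance"/>'
            '</definitions><tests><textfilecontent54_test id="%s"/></tests>'
            '</oval_definitions>') % (NS, build_id(content_id, "def", 108),
                                      build_id(content_id, "tst", 1))

if __name__ == "__main__":
    for cid in ("oval:scap-security-guide.testing", "scap-security-guide.testing"):
        print(cid, "->", check_ids(sample_doc(cid)))
```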