Looks like the customization you made cannot be validated against the XCCDF schema. You would have to look at the schema to see how the <ident> element is defined. Keep in mind that any customization you make will have to be within the defined construct of <ident>.
Thanks,
Wei Chen | Security Engineer | Office of Information Security (OIS) | U.S. Census Bureau wei.n.chen@census.gov census.gov
------------------------------
Date: Tue, 12 Jan 2016 07:04:29 -0000
From: oliver.skiebe@uniqpartners.com
Subject: Adding Custom "ident" Sources in shorthand XCCDFs
To: scap-security-guide@lists.fedorahosted.org
Message-ID: 20160112070429.30053.38106@mailman01.phx2.fedoraproject.org
Content-Type: text/plain; charset="utf-8"
Hi all,
As briefly mentioned already in yesterday's Contributor Workshop, our customer wants to enrich the SSG content by adding references to their internal security requirements.
I wonder how I could add my own Security Identifiers, because when trying to simply add e.g. a „customerident“ attribute into the shorthand XCCDF as per below, my build fails with:
[...]
xmllint --format --output output/shorthand.xml output/shorthand.xml
xsltproc --stringparam ssg_version "0.1.27" -o output/xccdf-unlinked-unresolved.xml transforms/shorthand2xccdf.xslt output/shorthand.xml
oscap xccdf resolve -o output/xccdf-unlinked-empty-groups.xml output/xccdf-unlinked-unresolved.xml
File 'output/xccdf-unlinked-unresolved.xml' line 153: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 167: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 182: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing.
File 'output/xccdf-unlinked-unresolved.xml' line 190: Element '{http://checklists.nist.gov/xccdf/1.1}ident': The attribute 'system' is required but missing.
Invalid XCCDF Checklist content(1.1) in output/xccdf-unlinked-unresolved.xml.
../../shared/product-make.include:60: recipe for target 'output/xccdf-unlinked-empty-groups.xml' failed
make: *** [output/xccdf-unlinked-empty-groups.xml] Error 1
Do I have to „register“/„declare“ the new identifier type, and if so where and how?
Example of what I'm trying to achieve:
<Rule id="sshd_allow_only_protocol2">
  <title>My Title</title>
  <description>My description</description>
  <rationale>My rationale</rationale>
  <ident cce="27072-8" customerident="1234" stig="RHEL-06-000227"/>
  <oval id="sshd_allow_only_protocol2"/>
  <ref disa="776,774,1436" nist="AC-3(10),IA-5(1)(c)"/>
</Rule>
Any pointers highly appreciated :-) !
Thanks & regards Oliver
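Added example, not part of either message or of the SSG build: a pre-check over generated XCCDF 1.1 that lists every <ident> lacking the 'system' attribute the schema requires, by enclosing Rule id, and shows which ident sources are in use. The sample document, both 'system' URIs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.1"  # namespace from the build error

# Constructed sample: one ident with a 'system', one without (the shape the
# validator rejects), and one custom ident using a placeholder system URI.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <Rule id="sshd_allow_only_protocol2">
    <title>My Title</title>
    <ident system="http://cce.mitre.org">CCE-27072-8</ident>
    <ident>1234</ident>
  </Rule>
  <Group id="services">
    <Rule id="constructed_rule_b">
      <title>Other</title>
      <ident system="https://customer.example/requirements">1234</ident>
    </Rule>
  </Group>
</Benchmark>"""


def idents_missing_system(xccdf_text):
    """Return (rule_id, ident_text) for each <ident> whose 'system' is absent or blank."""
    root = ET.fromstring(xccdf_text)
    findings = []
    for rule in root.iter(f"{{{XCCDF_NS}}}Rule"):
        for ident in rule.findall(f"{{{XCCDF_NS}}}ident"):
            system = (ident.get("system") or "").strip()
            if not system:
                findings.append((rule.get("id"), (ident.text or "").strip()))
    return findings


def ident_systems(xccdf_text):
    """Return the sorted set of 'system' URIs in use, to review custom sources."""
    root = ET.fromstring(xccdf_text)
    return sorted({i.get("system") for i in root.iter(f"{{{XCCDF_NS}}}ident")
                   if i.get("system")})


if __name__ == "__main__":
    for rule_id, text in idents_missing_system(SAMPLE):
        print(f"Rule {rule_id}: <ident>{text}</ident> has no 'system' attribute")
    print("ident systems in use:", ident_systems(SAMPLE))
```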
------------------------------
End of scap-security-guide Digest, Vol 53, Issue 2