From e2889daaff3266ba8ce6e595ca6cd03a7a00a9a6 Mon Sep 17 00:00:00 2001 From: Sven Vermeulen Date: Wed, 11 Dec 2013 21:57:04 +0100 Subject: Use XCCDF 1.2 in explanation --- xml/SCAP/openssh-xccdf.xml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/xml/SCAP/openssh-xccdf.xml b/xml/SCAP/openssh-xccdf.xml index 0230c63..7d031b1 100644 --- a/xml/SCAP/openssh-xccdf.xml +++ b/xml/SCAP/openssh-xccdf.xml @@ -50,7 +50,7 @@ the following command is used to generate the HTML output: ### Command to generate this guide ### -# oscap xccdf generate guide scap-openssh-xccdf.xml > output.html +# oscap xccdf generate guide openssh-xccdf.xml > guide-openssh-xccdf.html Secondly, together with this XCCDF XML, you will also find an OVAL XML file. @@ -60,12 +60,19 @@ You can test the benchmark against your configuration. ### Testing the rules mentioned in the XCCDF document ### -# oscap xccdf eval --profile Default scap-openssh-xccdf.xml +# oscap xccdf eval --cpe gentoo-cpe.xml --profile xccdf_org.gentoo.dev.swift_profile_default openssh-xccdf.xml To generate a full report in HTML as well, you can use the next command: ### Testing the rules and generating an HTML report ### -# oscap xccdf eval --profile Default --results xccdf-results.xml --report report.html scap-openssh-xccdf.xml +# oscap xccdf eval --cpe gentoo-cpe.xml --profile xccdf_org.gentoo.dev.swift_profile_default --results results-openssh-xccdf.xml --report report-openssh-xccdf.html openssh-xccdf.xml + + The benchmark is also available as data stream. In this case, you do not + need to provide the various files - all you need is the benchmark file. + For instance: + ### Testing the rules based on the data stream +# oscap xccdf eval --profile xccdf_org.gentoo.dev.swift_profile_default openssh-ds.xml + Finally, this benchmark will suggest some settings which you do not want to enable. That is perfectly fine - even more, some settings might even raise eyebrows left and right. We'll try to document the reasoning behind -- cgit v1.2.3-65-gdbad