[prev in list] [next in list] [prev in thread] [next in thread]
List: scap-security-guide
Subject: [PATCH] Do not select the Group but the Rule.
From: isimluk () fedoraproject ! org (Simon Lukasik)
Date: 2012-11-22 19:26:13
Message-ID: 50AE7C55.3030808 () fedoraproject ! org
[Download RAW message or body]
Oops, scratch that. I've just realized that these groups doesn't have
any rule yet.
Thus, more correct xpath check would be:
xpath ssg-rhel6-xccdf.xml '//Profile/select[(@selected != "false" or
@selected != "0") and @idref = //Group[/Rule]/@id]/@idref'
which is passing right now.
On 11/22/2012 07:27 PM, Simon Lukasik wrote:
> On 11/21/2012 05:48 PM, Jeffrey Blank wrote:
>> thanks -- please push!
>>
>
> Pushed. But I've just noticed there are two more bugs like this. The
> command:
>
> $ xpath ssg-rhel6-xccdf.xml \
> '//Profile/select[@idref = //Group/@id]/@idref'
>
> founds:
>
> idref="ftp_limit_users"-- NODE --
> idref="ftp_configure_firewall"
>
> We should really not be selecting the Groups but the Rules.
>
> However, I cannot fix this. As not being the content author, I am sure
> whether we want to have all the Rules of the given group
> (ftp_limit_users) to be selected. Could someone please check?
>
> Also, would it make sense to include such xpath check in the build process?
>
> Thanks,
>
> --
> Simon Lukasik
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide at lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic