-
Notifications
You must be signed in to change notification settings - Fork 207
SCAP Content Generation
Generation of SCAP content uses XSLT to create an XCCDF document with an accompanying OVAL document, bundled into an SCAP data stream collection document.
The supplied Makefile relies on the following components:
Note The version of tidy included in macOS is an out of date version that will not work.
Optional components
-
SCAP Content Validation Tool (SCAPVal) — See SCAP Content Validation Tool under "Tools". Version 1.3.5 or later is required.
If additional rules have been created, they must be included in the all_rules.yaml
baseline file to be included in the OVAL and SCAP.
-
Edit lines 1 and 2 of the
Makefile
to point the appropriate version of saxon and tidy-
Optional - Edit line 3 to point to the NIST SCAP Content Validation Tool(SCAPVal) if desired.
-
-
VERSION.yaml
must have a valid date in order to generate SCAP content. -
In the SCAP directory use the command
make
. This will generate-
Generate the "all rules" variable of the checklist in AsciiDoc form. -
all_rules.adoc
-
Generate the "all rules" variant of the checklist in HTML form. -
all_rules.html
-
Generate the "all rules" variant of the checklist in OVAL form. -
All_rules.xml
-
Generate the XCCDF document using the "all rules" checklist and OVAL as inputs. -
xccdf.xml
-
Generate a report from the XCCDF document to be used for quality checking. -
xccdf.html
-
Generate the SCAP data stream document using the XCCDF and OVAL documents. -
datastream.xml
-
The SCAP profiles are generated off of the tag
keywords found in each rule file excluding inherent
, permanent
, n_a
, none
, manual
, i386
, arm64
, supplemental
.
Different versions of the macOS will require changes to the CPE dictionary macos-cpe-dictionary.xml
and CPE Oval macos-cpe-oval.xml
to test the required version. And a chance to line 306 of the file html-to-xccdf.xsl
to the desired CPE of the platform.
<xsl:text>cpe:2.3:o:apple:mac_os_x:10.15:*:*:*:*:*:*:*</xsl:text>
-
The CPE Dictionary can be found at Official Common Platform Enumeration (CPE) Dictionary
That page has links to most of the SCAP-related normative documents.
An SCAP data stream (typically) consists of several XML documents knit together in a containing XML document. The component documents are - An XCCDF document - An OVAL document referenced by the XCCDF document - An OCIL document referenced by the XCCDF document - A CPE dictionary document referenced by the XCCDF document - An OVAL document referenced by the CPE dictionary document