ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/

[BugFix] [RHEL/6] One instance of "xccdf_org.ssgproject.content_benchmark_RHEL-6 - For each <xccdf:Benchmark>, <xccdf:Profile>, <xccdf:Value>, <xccdf:Group>, and <xccdf:Rule> element, a <xccdf:description> SHALL be provided. " error #1087

Closed iankko closed 8 years ago

iankko commented 8 years ago

Validating the RHEL-6 USGCB benchmark against NIST SCAP content testsuite on 2016-01-18 (https://jlieskov.fedorapeople.org/2016-03-18-scap-validation-result.html) returns one instance of the following error:

10-1    1
(of 1)  ERROR   SCHEMATRON
xccdf_org.ssgproject.content_benchmark_RHEL-6 - For each <xccdf:Benchmark>, <xccdf:Profile>,
<xccdf:Value>, <xccdf:Group>, and <xccdf:Rule> element, a <xccdf:description> SHALL be 
provided.

/*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2']
[1]/*:component[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2']
[2]/*:Benchmark[namespace-uri()='http://checklists.nist.gov/xccdf/1.2'][1]

every $m in (. union .//xccdf:Profile union .//xccdf:Value union
.//xccdf:Group union .//xccdf:Rule)
satisfies exists($m/xccdf:description)

iankko commented 8 years ago

Moving back to the pool so others can have a look too.

mpreisler commented 8 years ago

These are commands I used to check what we are missing:

xpath ./ssg-rhel7-xccdf.xml "//Benchmark[not(description)]"
xpath ./ssg-rhel7-xccdf.xml "//Profile[not(description)]"
xpath ./ssg-rhel7-xccdf.xml "//Rule[not(description)]"
xpath ./ssg-rhel7-xccdf.xml "//Value[not(description)]"

All of these are clean. The culprit is Groups:

$ xpath ./ssg-rhel7-xccdf.xml "//Group[not(description)]/@id"
Found 3 nodes:
-- NODE --
 id="system"-- NODE --
 id="disabling_vsftpd"-- NODE --
 id="ftp_use_vsftpd"

I will add some descriptions to these 3 groups to fix this.
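
The check from the comment above, generalized as an added example (not part of the original thread and not the project's own tooling): it covers all five element kinds named in the Schematron rule in one pass and matches on local names, so it works regardless of the XCCDF namespace version. The sample document and every id in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Element kinds for which the Schematron rule quoted in this issue
# requires a <description> child.
REQUIRED = {"Benchmark", "Profile", "Value", "Group", "Rule"}


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1] if isinstance(tag, str) else ""


def missing_descriptions(root):
    """Return (kind, id) for each required element lacking a direct
    <description> child, in document order."""
    findings = []
    for elem in root.iter():  # iter() includes the root Benchmark itself
        kind = local(elem.tag)
        if kind not in REQUIRED:
            continue
        # Only direct children count: a description on a nested Group or
        # Rule does not satisfy the rule for the enclosing Group.
        if not any(local(child.tag) == "description" for child in elem):
            findings.append((kind, elem.get("id", "")))
    return findings


# Constructed sample: the Value and the outer Group have no description.
SAMPLE = """\
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="bench_demo">
  <description>Demo benchmark</description>
  <Profile id="profile_demo"><description>Demo profile</description></Profile>
  <Value id="value_demo"><title>Demo value</title><value>1</value></Value>
  <Group id="group_outer">
    <title>Outer group</title>
    <Group id="group_inner">
      <description>Inner group</description>
      <Rule id="rule_demo"><description>Demo rule</description></Rule>
    </Group>
  </Group>
</Benchmark>
"""


def check_sample():
    return missing_descriptions(ET.fromstring(SAMPLE))


if __name__ == "__main__":
    for kind, ident in check_sample():
        print(f"{kind} {ident}: no <description>")
```
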

iankko commented 8 years ago

https://github.com/OpenSCAP/scap-security-guide/pull/1102 got merged already.

This issue is fixed:

$ xpath ./ssg-rhel6-xccdf.xml "//Group[not(description)]/@id"
No nodes found
$ xpath ./ssg-rhel7-xccdf.xml "//Group[not(description)]/@id"
No nodes found

Closing. Thank you for the change!