search

ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/
Other
2.18k stars 694 forks source link

[BugFix] [RHEL/6] One instance of "Values of XCCDF datatype 'string', when bound to OVAL variables, the OVAL variables must be of the following OVAL types: string, evr_string, version, ios_version, fileset_revision, binary" error #1089

Closed iankko closed 8 years ago

iankko commented 8 years ago

When evaluating current SSG RHEL-6 benchmark with the SCAP NIST content testsuite on 2016-03-18 (https://jlieskov.fedorapeople.org/2016-03-18-scap-validation-result.html) there's one instance of the following error:

38-3    1(of 1)

ERROR   SCHEMATRON

scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml - Values of
XCCDF datatype 'string', when bound to OVAL variables, the OVAL variables must be of the
following OVAL types: string, evr_string, version, ios_version, fileset_revision, binary 

xccdf:Rule xccdf_org.ssgproject.content_rule_partition_for_tmp in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_partition_for_var in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_partition_for_var_log in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_partition_for_var_log_audit in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_partition_for_home in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_encrypt_partitions in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ensure_redhat_gpgkey_installed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_aide_installed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_aide_build_database in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_aide_periodic_cron_checking in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_rpm_verify_permissions in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_rpm_verify_hashes in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_install_hids in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_install_antivirus in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_mount_option_noexec_removable_partitions in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_kernel_module_usb-storage_disabled in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_autofs_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gconf_gnome_disable_automount in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_userowner_shadow_file in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_groupowner_shadow_file in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_etc_shadow in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_owner_etc_group in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_groupowner_etc_group in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_etc_group in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_owner_etc_gshadow in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_groupowner_etc_gshadow in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_etc_gshadow in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_owner_etc_passwd in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_groupowner_etc_passwd in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_library_dirs in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_ownership_library_dirs in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_binary_dirs in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_ownership_binary_dirs in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_dir_perms_world_writable_sticky_bits in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_world_writable in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_sgid in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_unauthorized_suid in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_no_files_unowned_by_user in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_ungroupowned in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_dir_perms_world_writable_system_owned in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_umask_for_daemons in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_disable_users_coredumps in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_fs_suid_dumpable in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_kernel_exec_shield in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_kernel_randomize_va_space in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_kernel_dmesg_restrict in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_enable_selinux_bootloader in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_selinux_state in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_selinux_policytype in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_selinux_all_devicefiles_labeled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_no_direct_root_logins in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_securetty_root_login_console_only in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_restrict_serial_port_logins in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_no_root_webbrowsing in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_no_uid_except_zero in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_root_path_default in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_no_empty_passwords in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_all_shadowed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gid_passwd_group_same in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_no_netrc_files in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_warn_age_login_defs in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_account_unique_name in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_account_temp_expire_date in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_display_login_attempts in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_retry in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_difok in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_minclass in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_logindefs in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_libuserconf in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_root_path_dirs_no_write in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_home_dirs in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_umask_etc_bashrc in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_umask_etc_csh_cshrc in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_umask_etc_profile in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_accounts_umask_etc_login_defs in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_user_owner_grub_conf in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_group_owner_grub_conf in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_grub_conf in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_bootloader_password in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_require_singleuser_auth in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_reboot in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_disable_interactive_boot in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gconf_gnome_screensaver_idle_delay in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gconf_gnome_screensaver_idle_activation_enabled 
in ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gconf_gnome_screensaver_lock_enabled in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gconf_gnome_screensaver_mode_blank in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_screen_installed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_smartcard_auth in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_banner_etc_issue in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gconf_gdm_enable_warning_gui_banner in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gconf_gdm_set_login_banner_text in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_gconf_gdm_disable_user_list in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_send_redirects in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_send_redirects in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_source_route in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_source_route in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_redirects in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_redirects in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_secure_redirects in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_secure_redirects in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_log_martians in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_log_martians in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_source_route in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_source_route in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_redirects in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_redirects in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_secure_redirects in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_secure_redirects in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_echo_ignore_broadcasts in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_echo_ignore_broadcasts in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule 
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_ignore_bogus_error_responses in ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule 
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_ignore_bogus_error_responses in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_tcp_syncookies in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_tcp_syncookies in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_rp_filter in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_rp_filter in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_rp_filter in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_rp_filter in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_bluetooth_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_kernel_module_bluetooth_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_kernel_module_ipv6_option_disabled in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_ra in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_ra in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_redirects in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_redirects in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_ip6tables_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_set_ip6tables_default_rule in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_iptables_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_set_iptables_default_rule in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_set_iptables_default_rule_forward in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_kernel_module_dccp_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_kernel_module_sctp_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_kernel_module_rds_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_kernel_module_tipc_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_openswan_installed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_rsyslog_installed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_rsyslog_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_rsyslog_files_ownership in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_rsyslog_files_groupownership in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_rsyslog_files_permissions in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_rsyslog_remote_loghost in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ensure_logrotate_activated in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_auditd_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_bootloader_audit_argument in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_auditd_data_retention_num_logs in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_auditd_data_retention_max_log_file_action in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_auditd_data_retention_space_left_action in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_auditd_data_retention_admin_space_left_action in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_auditd_data_retention_action_mail_acct in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_auditd_data_retention_flush in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_auditd_audispd_syslog_plugin_activated in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_time_adjtimex in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_time_settimeofday in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_time_stime in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_time_clock_settime in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_time_watch_localtime in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_usergroup_modification in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_networkconfig_modification in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_permissions_var_log_audit in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_file_ownership_var_log_audit in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_mac_modification in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chmod in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_chown in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmod in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchmodat in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchown in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fchownat in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fremovexattr in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_fsetxattr in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lchown in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lremovexattr in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_lsetxattr in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_removexattr in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_dac_modification_setxattr in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_unsuccessful_file_modification in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_media_export in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_file_deletion_events in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_sysadmin_actions in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_audit_rules_kernel_module_loading in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_xinetd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_xinetd_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_telnetd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_telnet-server_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_telnet_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_rsh-server_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_rexec_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_rsh_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_rsh_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_rlogin_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_no_rsh_trust_files in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_ypserv_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_ypbind_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_ypbind_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_tftp_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_tftp-server_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_tftp_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_tftpd_uses_secure_mode in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_talk-server_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_talk_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_abrtd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_acpid_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_certmonger_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_cgconfig_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_cgred_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_cpuspeed_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_haldaemon_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_irqbalance_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_kdump_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_mdmonitor_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_messagebus_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_netconsole_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_ntpdate_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_oddjobd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_portreserve_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_psacct_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_qpidd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_quota_nld_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_rdisc_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_rhnsd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_rhsmcertd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_saslauthd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_smartd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_sysstat_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_crond_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_disable_anacron in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_atd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_allow_only_protocol2 in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_set_keepalive in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_disable_rhosts in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_disable_host_auth in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_disable_root_login in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_enable_warning_banner in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_do_not_permit_user_env in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_use_approved_ciphers in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sshd_use_approved_macs in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_xwindows_runlevel_setting in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_xorg-x11-server-common_removed in 
ds:data-stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_avahi-daemon_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_cups_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_dhcpd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_dhcp_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_sysconfig_networking_bootproto_ifcfg in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_ntpd_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ntpd_specify_remote_server in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_postfix_enabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_sendmail_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_postfix_network_listening_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ldap_client_start_tls in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ldap_client_tls_cacertpath in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_openldap-servers_removed in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_nfs_no_anonymous in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_nfs_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_rpcsvcgssd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_mount_option_nodev_remote_filesystems in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_mount_option_nosuid_remote_filesystems in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_no_insecure_locks_exports in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_named_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_bind_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_vsftpd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_vsftpd_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ftp_log_transactions in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_ftp_present_banner in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_httpd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_httpd_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_dovecot_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_dovecot_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_smb_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_samba_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_require_smb_client_signing in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_mount_option_smb_client_signing in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_squid_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_squid_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_service_snmpd_disabled in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_package_net-snmp_removed in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_snmpd_use_newer_protocol in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_snmpd_not_default_password in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_met_inherently_generic in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_met_inherently_auditing in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_met_inherently_nonselected in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_unmet_nonfinding_nonselected_scope in ds:data-
stream scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_unmet_finding_nonselected in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_unmet_nonfinding_scope in ds:data-stream 
scap_org.open-scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

xccdf:Rule xccdf_org.ssgproject.content_rule_update_process in ds:data-stream scap_org.open-
scap_datastream_from_xccdf_ssg-rhel6-xccdf-1.2.xml

Schematron Context:

/*:data-stream-collection[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]/*:data-
stream[namespace-uri()='http://scap.nist.gov/schema/scap/source/1.2'][1]    every $m in 
ds:checklists/ds:component-ref satisfies every $n in xcf:get-component($m)//xccdf:check-export 
satisfies ( not(matches($n/ancestor::xccdf:Benchmark//xccdf:Value[@id eq $n/@value-id]/@type, 
'^string$')) or (every $o in $n/following-sibling::xccdf:check-content-ref satisfies matches(xcf:get-
component(xcf:get-component-ref($m/cat:catalog, $o/@href))//*[@id eq $n/@export-
name]/@datatype, '^(string|evr_string|version|ios_version|fileset_revision|binary)$')))
iankko commented 8 years ago

I am temporarily re-opening this issue. The SSG content has been fixed (thanks to Martin for review of the referenced PR!).

But we also need NIST to confirm the tool shouldn't be checking this test for OCIL check system (just to be sure). Will close again once they confirm.

iankko commented 8 years ago

The scap-security-guide-nist-testsuite Jenkins job has been modified to whitelist the error message for this particular error (see the next comment for explanation why):

ERROR: SCHEMATRON - [ssg-rhel6-ds.xml] scap_org.open-scap_datastream_from_
xccdf_ssg-rhel6-xccdf-1.2.xml - Values of XCCDF datatype 'string', when bound
to OVAL variables, the OVAL variables must be of the following OVAL types:
string, evr_string, version, ios_version, fileset_revision, binary
iankko commented 8 years ago

The XCCDF to OVAL datatype export matching constrain has been corrected in SSG content. The remaining issue (reporting missing datatype constrain against the OCIL check system for the xccdf_org.ssgproject.content_value_conditional_clause xccdf:Value:

  <Value id="xccdf_org.ssgproject.content_value_conditional_clause" operator="equals" type="string">
    <title xml:lang="en-US">A conditional clause for check statements.</title>
    <description xml:lang="en-US">A conditional clause for check statements.</description>
    <value>This is a placeholder.</value>
  </Value>

is not the problem of the SSG content itself. But rather problem of the SCAP NIST content testsuite which should not verify the XCCDF-to-OVAL datatype export matching constraint for the OCIL check system (since in ocil there isn't variable, where the 'datatype' from xccdf:Value could be specified for).

This issue has been reported to ScapVal maintainers.