@gregelin
Last active May 11, 2018 07:21
Comparison of SCAP-Security-Guide XCCDF and OVAL XML to EasySCAP YAML version
OVAL definition (excerpt from ssg-rhel6-oval.xml):

```xml
<definition class="compliance" id="oval:ssg:def:671" version="1">
  <metadata>
    <title>Verify /etc/passwd Permissions</title>
    <affected family="unix">
      <platform>Red Hat Enterprise Linux 6</platform>
    </affected>
    <description>This test makes sure that /etc/passwd is owned by 0, group owned by 0, and has mode 0644. If
    the target file or directory has an extended ACL then it will fail the mode check.</description>
    <reference source="swells" ref_id="20130831" ref_url="test_attestation"/>
    <reference source="ssg" ref_id="file_permissions_etc_passwd"/>
  </metadata>
  <criteria>
    <criterion test_ref="oval:ssg:tst:672"/>
  </criteria>
</definition>
```
XCCDF rule (excerpt from ssg-rhel6-xccdf.xml):

```xml
<Rule id="file_permissions_etc_passwd" selected="false" severity="medium">
  <title xml:lang="en-US">Verify Permissions on passwd File</title>
  <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">
    To properly set the permissions of <xhtml:code>/etc/passwd</xhtml:code>, run the command:
    <xhtml:pre xml:space="preserve"># chmod 0644 /etc/passwd</xhtml:pre>
  </description>
  <reference href="http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf">AC-6</reference>
  <reference href="http://iase.disa.mil/cci/index.html">225</reference>
  <reference xmlns:dc="http://purl.org/dc/elements/1.1/" href="test_attestation">
    <dc:contributor>DS</dc:contributor>
    <dc:date>20121026</dc:date>
  </reference>
  <rationale xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">If the <xhtml:code>/etc/passwd</xhtml:code> file is writable by a group-owner or the
    world the risk of its compromise is increased. The file contains the list of
    accounts on the system and associated information, and protection of this file
    is critical for system security.</rationale>
  <ident system="http://cce.mitre.org">CCE-26868-0</ident>
  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <check-content-ref name="oval:ssg:def:671" href="ssg-rhel6-oval.xml"/>
  </check>
  <check system="ocil-transitional">
    <check-export export-name="it does not" value-id="conditional_clause"/>
    <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
      To check the permissions of <xhtml:code>/etc/passwd</xhtml:code>, run the command:
      <xhtml:pre>$ ls -l /etc/passwd</xhtml:pre>
      If properly configured, the output should indicate the following permissions:
      <xhtml:code>-rw-r--r--</xhtml:code>
    </check-content>
  </check>
</Rule>
```
EasySCAP YAML (file_permissions_etc_passwd.yaml):

```yaml
id: xccdf_org.ssgproject.content_rule_file_permissions_etc_passwd
severity: medium
title: Verify Permissions on passwd File
description: |
  To properly set the permissions of
  `/etc/passwd`, run the command:
  ~~~~ {xml:space="preserve"}
  # chmod 0644 /etc/passwd
  ~~~~
rationale: |
  If the `/etc/passwd` file is writable by a group-owner or the world the risk of
  its compromise is increased. The file contains the list of accounts on
  the system and associated information, and protection of this file is
  critical for system security.
references:
  - href: http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final.pdf
    value: AC-6
  - href: http://iase.disa.mil/cci/index.html
    value: '225'
  - href: test_attestation
    dc:contributor: DS
    dc:date: '20121026'
crosswalk:
  - system: http://cce.mitre.org
    value: CCE-26868-0
tests:
  - type: '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}file_test'
    check: all
    check_existence: all_exist
    object:
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}filepath': /etc/passwd
    state:
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}suid':
        datatype: boolean
        value: 'false'
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}sgid':
        datatype: boolean
        value: 'false'
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}sticky':
        datatype: boolean
        value: 'false'
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}uexec':
        datatype: boolean
        value: 'false'
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}gwrite':
        datatype: boolean
        value: 'false'
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}gexec':
        datatype: boolean
        value: 'false'
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}owrite':
        datatype: boolean
        value: 'false'
      '{http://oval.mitre.org/XMLSchema/oval-definitions-5#unix}oexec':
        datatype: boolean
        value: 'false'
```
@gregelin (Author)

The OVAL definition XML is excerpted from the 12,907 line, 758 KB ssg-rhel6-oval.xml file.

The XCCDF rule XML is excerpted from the 17,776 line, 1.2 MB, ssg-rhel6-xccdf.xml file.

The EasySCAP YAML is the complete 56 line file_permissions_etc_passwd.yaml file located within easyscap-output-demo/ssgproject_system/permissions/files/permissions_important_account_files directory.

Referencing individual rules in the XML format requires use of XPath with defined namespaces. Referencing individual rules in the YAML format requires sharing a file path (directly mappable to a RESTful URL).
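The `state` block of the YAML above is a plain list of mode flags that must all be false, which can be checked directly against a file's `st_mode`. The following Python is an added example, not code from the gist or from EasySCAP; the flag-to-bit table, the function names and the sample files are my own, and the table covers all twelve OVAL unix file_state mode flags rather than only the eight this rule lists.

```python
import os
import stat
import tempfile

# OVAL unix-def file_state flag -> the st_mode bit it reports on (all twelve flags).
FLAG_BITS = {
    "suid": stat.S_ISUID, "sgid": stat.S_ISGID, "sticky": stat.S_ISVTX,
    "uread": stat.S_IRUSR, "uwrite": stat.S_IWUSR, "uexec": stat.S_IXUSR,
    "gread": stat.S_IRGRP, "gwrite": stat.S_IWGRP, "gexec": stat.S_IXGRP,
    "oread": stat.S_IROTH, "owrite": stat.S_IWOTH, "oexec": stat.S_IXOTH,
}

# The state from file_permissions_etc_passwd.yaml with the namespace prefix stripped:
# every listed flag must be false. It only forbids bits and never requires uread/gread/
# oread, so 0600 passes this test just as 0644 does; owner/group are not in this state.
ETC_PASSWD_STATE = {flag: False for flag in
                    ("suid", "sgid", "sticky", "uexec", "gwrite", "gexec", "owrite", "oexec")}


def evaluate_mode(mode_bits, state):
    """Compare raw st_mode bits with a state; returns ('true'|'false', failed_flags)."""
    failed = [flag for flag, expected in state.items()
              if bool(mode_bits & FLAG_BITS[flag]) != expected]
    return ("true" if not failed else "false"), failed


def evaluate_file_test(path, state):
    """check_existence: all_exist -> a missing object makes the whole test false."""
    if not os.path.exists(path):
        return "false", ["object does not exist"]
    return evaluate_mode(os.stat(path).st_mode, state)


def demo():
    """Constructed sample files: one at the remediated mode, one group-writable, one absent."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in (("passwd-0644", 0o644), ("passwd-0664", 0o664)):
            path = os.path.join(tmp, name)
            open(path, "w").close()
            os.chmod(path, mode)
            results[name] = evaluate_file_test(path, ETC_PASSWD_STATE)
        results["missing"] = evaluate_file_test(os.path.join(tmp, "absent"), ETC_PASSWD_STATE)
    return results


if __name__ == "__main__":
    for name, (result, failed) in demo().items():
        print(f"{name}: {result} {failed}")
```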
