author Sven Vermeulen <sven.vermeulen@siphos.be> 2013-12-11 21:57:04 +0100
committer Sven Vermeulen <sven.vermeulen@siphos.be> 2013-12-11 21:57:04 +0100
commit e2889daaff3266ba8ce6e595ca6cd03a7a00a9a6
tree 84b8034776739d8125f9142d23d611b01683c010
parent Now on wiki
Use XCCDF 1.2 in explanation
-rw-r--r-- xml/SCAP/openssh-xccdf.xml 13
1 files changed, 10 insertions, 3 deletions
diff --git a/xml/SCAP/openssh-xccdf.xml b/xml/SCAP/openssh-xccdf.xml
index 0230c63..7d031b1 100644
--- a/xml/SCAP/openssh-xccdf.xml
+++ b/xml/SCAP/openssh-xccdf.xml
@@ -50,7 +50,7 @@
the following command is used to generate the HTML output:
<h:br />
<h:pre>### Command to generate this guide ###
-# <h:b>oscap xccdf generate guide scap-openssh-xccdf.xml &gt; output.html</h:b>
+# <h:b>oscap xccdf generate guide openssh-xccdf.xml &gt; guide-openssh-xccdf.html</h:b>
</h:pre>
<h:br />
Secondly, together with this XCCDF XML, you will also find an OVAL XML file.
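Review bot: the `oscap xccdf generate guide` command on the `+` line is run without `--profile`, while the eval commands further down in this file select `xccdf_org.gentoo.dev.swift_profile_default`, so the guide a reader generates is not tied to the profile they then evaluate. Either add the same `--profile` argument here or say in the text that the guide is generated without a profile selected. Since the input is renamed from `scap-openssh-xccdf.xml` to `openssh-xccdf.xml` and the output from `output.html` to `guide-openssh-xccdf.html`, any other mention of the old names in the document should be updated in the same commit.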
@@ -60,12 +60,19 @@
<h:br />
You can test the benchmark against your configuration.
<h:pre>### Testing the rules mentioned in the XCCDF document ###
-# <h:b>oscap xccdf eval --profile Default scap-openssh-xccdf.xml</h:b></h:pre>
+# <h:b>oscap xccdf eval --cpe gentoo-cpe.xml --profile xccdf_org.gentoo.dev.swift_profile_default openssh-xccdf.xml</h:b></h:pre>
<h:br />
To generate a full report in HTML as well, you can use the next command:
<h:pre>### Testing the rules and generating an HTML report ###
-# <h:b>oscap xccdf eval --profile Default --results xccdf-results.xml --report report.html scap-openssh-xccdf.xml</h:b></h:pre>
+# <h:b>oscap xccdf eval --cpe gentoo-cpe.xml --profile xccdf_org.gentoo.dev.swift_profile_default --results results-openssh-xccdf.xml --report report-openssh-xccdf.html openssh-xccdf.xml</h:b></h:pre>
<h:br />
+ <h:br />
+ The benchmark is also available as data stream. In this case, you do not
+ need to provide the various files - all you need is the benchmark file.
+ For instance:
+ <h:pre>### Testing the rules based on the data stream
+# <h:b>oscap xccdf eval --profile xccdf_org.gentoo.dev.swift_profile_default openssh-ds.xml</h:b></h:pre>
+ <h:br />
Finally, this benchmark will suggest some settings which you do not want
to enable. That is perfectly fine - even more, some settings might even
raise eyebrows left and right. We'll try to document the reasoning behind
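Review bot: both rewritten eval commands now pass `--cpe gentoo-cpe.xml`, but the visible text never says what that file is or where it comes from; the prose above only mentions the OVAL XML file that accompanies the XCCDF document. A reader who copies the command without the CPE dictionary in the working directory will get an error, so add a sentence naming `gentoo-cpe.xml` as a required companion file, which would also make the new "you do not need to provide the various files" paragraph easier to follow. Smaller points in the added block: the header `### Testing the rules based on the data stream` lacks the closing `###` that the other `<h:pre>` headers carry, the first added `<h:br />` directly follows an existing `<h:br />` and produces a double break, and "available as data stream" should read "available as a data stream".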