usnistgov/macos_security
1
0
Fork 0
mirror of https://github.com/usnistgov/macos_security.git synced 2026-02-03 14:03:24 +00:00
Code Issues 21 Actions Packages Projects Releases Wiki Activity
Files
badf9847a3342cfacd7d680b344807ce966cabc7
macos_security/SCAP/Makefile
Bob Gendler badf9847a3 beautified oval and lowercased file name
2021-12-08 11:30:34 -05:00

76 lines
2.2 KiB
Makefile
Raw Blame History

XSLT = /usr/local/bin/saxon
TIDY = /usr/local/bin/tidy
VAL = java -Djava.protocol.handler.pkgs=sun.net.www.protocol -jar ~/Projects/scapval/scapval-1.3.5.jar
DIR = ../build/All_rules
VERSION = $(shell ./version.sh)
OS = $(shell ./os.sh)
all: generate_cpe inputs tidy XCCDF datastream report beautify
generate_cpe:
./generate_cpe.sh
inputs:
# generate the HTML checklist document
../scripts/generate_guidance.py -g ../baselines/all_rules.yaml 2>/dev/null
# generate the related OVAL content
../scripts/generate_oval.py ../baselines/all_rules.yaml
# outputs end up in ${DIR}
tidy:
# de-louse the input HTML
# DO NOT use the treacherous -indent option
${TIDY} --show-errors 0 \
--output-xml true \
--numeric-entities true \
--output-encoding utf8 \
--input-encoding utf8 \
--logical-emphasis true \
--drop-proprietary-attributes true \
--coerce-endtags true \
-output ${DIR}/all_rules.xhtml \
${DIR}/all_rules.html || echo untidy
XCCDF:
# generate the XCCDF document from the input
$(XSLT) -s:${DIR}/all_rules.xhtml \
-xsl:html-to-xccdf.xsl \
-o:${DIR}/xccdf.xml \
SCAP-version=1.3 \
id-namespace=content.mscp.nist.gov \
benchmark-id-suffix=macOS_${OS} \
OVAL-URI=${DIR}/all_rules.xml \
include-CPE=1
# the input OVAL document will be copied to a companion of the XCCDF document named 'oval.xml'
# a gratuitous OCIL document is provided
/bin/cp ocil.xml ${DIR}
/bin/cp macos-cpe-dictionary.xml ${DIR}
/bin/cp macos-cpe-oval.xml ${DIR}
datastream:
# generate the SCAP data stream collection document
$(XSLT) -s:${DIR}/xccdf.xml \
-xsl:xccdf-to-ds.xsl \
-o:${DIR}/datastream.xml \
SCAP-version=1.3 \
id-namespace=content.mscp.nist.gov \
datastream-id-suffix=macOS_${OS} \
include-CPE=1
report:
# generate an XCCDF report for quality assurance
$(XSLT) -s:${DIR}/xccdf.xml \
-xsl:xccdf-to-html.xsl \
-o:${DIR}/xccdf.html
beautify:
/usr/bin/xmllint ${DIR}/datastream.xml --format --output "${DIR}/macOS_${OS}_Security_Compliance_Benchmark-Rev${VERSION}.xml"
validate:
# validate the datastream using SCAP content validation tool
( cd ${DIR}; ${VAL} -scapversion 1.3 -online -file datastream.xml >scapval-report.txt )
# See ${DIR}/validation-report.html for results
Reference in New Issue View Git Blame Copy Permalink