<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dc="http://purl.org/dc/elements/1.1/">
<!-- This transform assembles all fragments into one "shorthand" XCCDF document
Accepts the following parameters:
* SHARED_RP (required) Holds the resolved ABSOLUTE path
to the SSG's "shared/" directory.
* BUILD_RP (required) Holds the resolved ABSOLUTE path
to the SSG's build directory - $CMAKE_BINARY_PATH
-->
<!-- Default values for the two required path parameters, SHARED_RP and BUILD_RP.
NOTE(review): "select" holds an XPath expression, so the unquoted undef is a
child-element name test, not the string 'undef'. When the caller supplies no
value the parameter is therefore normally an empty node-set, which concat()
turns into '' and which leaves the document() paths below starting at '/'.
Confirm that the build always passes both parameters. -->
<xsl:param name="SHARED_RP" select='undef' />
<xsl:param name="BUILD_RP" select='undef' />
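<!-- Assembles the top-level Benchmark: copies the element's own attributes and
children, then appends the standard profile, the 'conditional_clause'
placeholder Value, the bash remediation functions from the build directory and
the intro, system and services fragments from the shared directory.
'profiles/standard.xml' is a relative reference; every other fragment path is
built from the SHARED_RP or BUILD_RP parameter. -->
<xsl:template match="Benchmark">
  <!-- Fail fast when a required path parameter is missing. An unset parameter
  stringifies to '', so the concat() calls below would produce paths such as
  '/xccdf/system/system.xml' and the benchmark could be assembled from the
  wrong location or with its content missing. -->
  <xsl:if test="string($SHARED_RP) = '' or string($BUILD_RP) = ''">
    <xsl:message terminate="yes">ERROR: the SHARED_RP and BUILD_RP parameters are required and must hold absolute paths.</xsl:message>
  </xsl:if>
  <xsl:copy>
    <xsl:copy-of select="@*|node()" />
    <!-- Adding profiles here -->
    <xsl:apply-templates select="document('profiles/standard.xml')" />
    <!-- Adding 'conditional_clause' placeholder <xccdf:Value> here -->
    <Value id="conditional_clause" type="string" operator="equals">
      <title>A conditional clause for check statements.</title>
      <description>A conditional clause for check statements.</description>
      <value>This is a placeholder.</value>
    </Value>
    <!-- Generated fragment from the build directory -->
    <xsl:apply-templates select="document(concat($BUILD_RP, '/bash-remediation-functions.xml'))" />
    <!-- Shared fragments; the Group templates below expand 'system' and 'services' further -->
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/intro/shared_intro_os.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/system.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/services.xml'))" />
  </xsl:copy>
</xsl:template>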
<!-- Copy Group templates from ../shared/xccdf/shared_guide.xslt -->
<!-- Expands the 'system' Group: keeps the Group's own attributes and children,
then appends the processed content of each listed fragment under
$SHARED_RP/xccdf/system, in the order given. -->
<xsl:template match="Group[@id='system']">
  <xsl:copy>
    <!-- the Group's own attributes first, then its existing child nodes -->
    <xsl:copy-of select="@*" />
    <xsl:copy-of select="node()" />
    <!-- fragments pulled in from the shared directory -->
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/software/software.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/permissions/permissions.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/selinux.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/accounts.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/network/network.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/logging.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/auditing.xml'))" />
  </xsl:copy>
</xsl:template>
<!-- Expands the 'software' Group: keeps the Group's own attributes and
children, then appends the processed content of each listed fragment under
$SHARED_RP/xccdf/system/software, in the order given. -->
<xsl:template match="Group[@id='software']">
  <xsl:copy>
    <!-- the Group's own attributes first, then its existing child nodes -->
    <xsl:copy-of select="@*" />
    <xsl:copy-of select="node()" />
    <!-- fragments pulled in from the shared directory -->
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/software/disk_partitioning.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/software/updating.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/software/integrity.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/software/gnome.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/software/sudo.xml'))" />
  </xsl:copy>
</xsl:template>
<!-- Expands the 'accounts' Group: keeps the Group's own attributes and
children, then appends the processed content of each listed fragment under
$SHARED_RP/xccdf/system/accounts, in the order given. -->
<xsl:template match="Group[@id='accounts']">
  <xsl:copy>
    <!-- the Group's own attributes first, then its existing child nodes -->
    <xsl:copy-of select="@*" />
    <xsl:copy-of select="node()" />
    <!-- fragments pulled in from the shared directory -->
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/restrictions/restrictions.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/pam.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/session.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/physical.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/banners.xml'))" />
  </xsl:copy>
</xsl:template>
<!-- Expands the 'accounts-restrictions' Group: keeps the Group's own
attributes and children, then appends the processed content of each listed
fragment under $SHARED_RP/xccdf/system/accounts/restrictions, in the order
given. -->
<xsl:template match="Group[@id='accounts-restrictions']">
  <xsl:copy>
    <!-- the Group's own attributes first, then its existing child nodes -->
    <xsl:copy-of select="@*" />
    <xsl:copy-of select="node()" />
    <!-- fragments pulled in from the shared directory -->
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/restrictions/root_logins.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/restrictions/password_storage.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/restrictions/password_expiration.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/accounts/restrictions/account_expiration.xml'))" />
  </xsl:copy>
</xsl:template>
<!-- Expands the 'permissions' Group: keeps the Group's own attributes and
children, then appends the processed content of each listed fragment under
$SHARED_RP/xccdf/system/permissions, in the order given. -->
<xsl:template match="Group[@id='permissions']">
  <xsl:copy>
    <!-- the Group's own attributes first, then its existing child nodes -->
    <xsl:copy-of select="@*" />
    <xsl:copy-of select="node()" />
    <!-- fragments pulled in from the shared directory -->
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/permissions/partitions.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/permissions/mounting.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/permissions/files.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/permissions/execution.xml'))" />
  </xsl:copy>
</xsl:template>
<!-- Expands the 'network' Group: keeps the Group's own attributes and
children, then appends the processed content of each listed fragment under
$SHARED_RP/xccdf/system/network, in the order given. -->
<xsl:template match="Group[@id='network']">
  <xsl:copy>
    <!-- the Group's own attributes first, then its existing child nodes -->
    <xsl:copy-of select="@*" />
    <xsl:copy-of select="node()" />
    <!-- fragments pulled in from the shared directory -->
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/network/kernel.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/network/wireless.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/network/ipv6.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/network/firewalld.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/network/ssl.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/network/uncommon.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/system/network/ipsec.xml'))" />
  </xsl:copy>
</xsl:template>
<!-- Expands the 'services' Group: keeps the Group's own attributes and
children, then appends the processed content of each listed fragment under
$SHARED_RP/xccdf/services, in the order given. -->
<xsl:template match="Group[@id='services']">
  <xsl:copy>
    <!-- the Group's own attributes first, then its existing child nodes -->
    <xsl:copy-of select="@*" />
    <xsl:copy-of select="node()" />
    <!-- fragments pulled in from the shared directory -->
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/obsolete.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/base.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/cron.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/docker.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/ssh.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/sssd.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/xorg.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/avahi.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/printing.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/dhcp.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/ntp.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/mail.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/ldap.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/nfs.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/dns.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/ftp.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/http.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/imap.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/quagga.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/smb.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/squid.xml'))" />
    <xsl:apply-templates select="document(concat($SHARED_RP, '/xccdf/services/snmp.xml'))" />
  </xsl:copy>
</xsl:template>
<!-- copy everything else through to final output -->
<!-- Fallback for any attribute or node not matched by a more specific
template: copy it and recurse, attributes first and then child nodes, so that
Group elements nested inside a loaded fragment still reach the Group templates. -->
<xsl:template match="@*|node()">
  <xsl:copy>
    <xsl:apply-templates select="@*" />
    <xsl:apply-templates select="node()" />
  </xsl:copy>
</xsl:template>
</xsl:stylesheet>