openscap 0.4.9 → 0.5.1

data/test/data/invalid.xml

@@ -1,20 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_moc.elpmaxe.www_benchmark_second">
-  <version>1.0</version>
-  <status>incomplete</status>
-  <Profile id="xccdf_moc.elpmaxe.www_profile_1">
-    <title>is kinda compulsory</title>
-    <select idref="xccdf_moc.elpmaxe.www_rule_second" selected="true"/>
-  </Profile>
-  <Profile id="xccdf_moc.elpmaxe.www_profile_2" extends="xccdf_moc.elpmaxe.www_profile_1">
-    <title>is kinda compulsory</title>
-    <select idref="xccdf_moc.elpmaxe.www_group_one" selected="true"/>
-  </Profile>
-  <Group selected="false" id="xccdf_moc.elpmaxe.www_group_one">
-    <Rule selected="false" id="xccdf_moc.elpmaxe.www_rule_second">
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref href="stub-oval.xml"/>
-      </check>
-    </Rule>
-  </Group>
-</Benchmark>

data/test/data/sds-complex.xml

@@ -1,132 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<ds:data-stream-collection xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" id="scap_org.open-scap_collection_from_xccdf_first-xccdf.xml" schematron-version="1.2">
-  <!-- This is bit more complex Datastream. The purpose is to test that scanner is able to find
-        * datastream-id scap_org.open-scap_datastream_tst2
-        * xccdf-id scap_org.open-scap_cref_second-xccdf.xml2
-        * profile xccdf_moc.elpmaxe.www_profile_2
-    -->
-  <ds:data-stream id="scap_org.open-scap_datastream_tst" scap-version="1.2" use-case="OTHER">
-    <ds:checklists>
-      <ds:component-ref id="scap_org.open-scap_cref_first-xccdf.xml" xlink:href="#scap_org.open-scap_comp_first-xccdf.xml">
-        <cat:catalog>
-          <cat:uri name="stub-oval.xml" uri="#scap_org.open-scap_cref_stub-oval.xml"/>
-        </cat:catalog>
-      </ds:component-ref>
-      <ds:component-ref id="scap_org.open-scap_cref_second-xccdf.xml" xlink:href="#scap_org.open-scap_comp_second-xccdf.xml">
-        <cat:catalog>
-          <cat:uri name="stub-oval.xml" uri="#scap_org.open-scap_cref_stub-oval.xml"/>
-        </cat:catalog>
-      </ds:component-ref>
-    </ds:checklists>
-    <ds:checks>
-      <ds:component-ref id="scap_org.open-scap_cref_stub-oval.xml" xlink:href="#scap_org.open-scap_comp_stub-oval.xml"/>
-    </ds:checks>
-  </ds:data-stream>
-  <ds:data-stream id="scap_org.open-scap_datastream_tst2" scap-version="1.2" use-case="OTHER">
-    <ds:checklists>
-      <ds:component-ref id="scap_org.open-scap_cref_first-xccdf.xml2" xlink:href="#scap_org.open-scap_comp_first-xccdf.xml">
-        <cat:catalog>
-          <cat:uri name="stub-oval.xml" uri="#scap_org.open-scap_cref_stub-oval.xml2"/>
-        </cat:catalog>
-      </ds:component-ref>
-      <ds:component-ref id="scap_org.open-scap_cref_second-xccdf.xml2" xlink:href="#scap_org.open-scap_comp_second-xccdf.xml2">
-        <cat:catalog>
-          <cat:uri name="stub-oval.xml" uri="#scap_org.open-scap_cref_stub-oval.xml2"/>
-        </cat:catalog>
-      </ds:component-ref>
-    </ds:checklists>
-    <ds:checks>
-      <ds:component-ref id="scap_org.open-scap_cref_stub-oval.xml2" xlink:href="#scap_org.open-scap_comp_stub-oval.xml"/>
-    </ds:checks>
-  </ds:data-stream>
-  <ds:component id="scap_org.open-scap_comp_stub-oval.xml" timestamp="2012-10-10T13:33:44">
-    <oval_definitions xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
-      <generator>
-        <oval:schema_version>5.10</oval:schema_version>
-        <oval:timestamp>0001-01-01T00:00:00+00:00</oval:timestamp>
-      </generator>
-      <definitions>
-        <definition class="compliance" version="1" id="oval:x:def:1">
-          <metadata>
-            <title>x</title>
-            <description>x</description>
-            <affected family="unix">
-              <platform>x</platform>
-            </affected>
-          </metadata>
-          <criteria comment="x">
-            <criterion test_ref="oval:x:tst:1"/>
-          </criteria>
-        </definition>
-      </definitions>
-      <tests>
-        <variable_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:tst:1" check="all" comment="x" version="1">
-          <object object_ref="oval:x:obj:1"/>
-        </variable_test>
-      </tests>
-      <objects>
-        <variable_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:x:obj:1" version="1" comment="x">
-          <var_ref>oval:x:var:1</var_ref>
-        </variable_object>
-      </objects>
-      <variables>
-        <constant_variable id="oval:x:var:1" version="1" comment="x" datatype="string">
-          <value>x</value>
-        </constant_variable>
-      </variables>
-    </oval_definitions>
-  </ds:component>
-  <ds:component id="scap_org.open-scap_comp_first-xccdf.xml" timestamp="2012-10-10T13:34:54">
-    <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_moc.elpmaxe.www_benchmark_first">
-      <status>incomplete</status>
-      <version>1.0</version>
-      <Rule selected="true" id="xccdf_moc.elpmaxe.www_rule_first">
-        <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" negate="true">
-          <check-content-ref href="stub-oval.xml"/>
-        </check>
-      </Rule>
-    </Benchmark>
-  </ds:component>
-  <ds:component id="scap_org.open-scap_comp_second-xccdf.xml2" timestamp="2012-10-10T13:34:54">
-    <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_moc.elpmaxe.www_benchmark_second">
-      <status>incomplete</status>
-      <version>1.0</version>
-      <Profile id="xccdf_moc.elpmaxe.www_profile_1">
-        <title>is kinda compulsory</title>
-        <select idref="xccdf_moc.elpmaxe.www_rule_second" selected="true"/>
-      </Profile>
-      <Profile id="xccdf_moc.elpmaxe.www_profile_2" extends="xccdf_moc.elpmaxe.www_profile_1">
-        <title>is kinda compulsory</title>
-        <select idref="xccdf_moc.elpmaxe.www_group_one" selected="true"/>
-      </Profile>
-      <Group selected="false" id="xccdf_moc.elpmaxe.www_group_one">
-        <Rule selected="false" id="xccdf_moc.elpmaxe.www_rule_second">
-          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <check-content-ref href="stub-oval.xml"/>
-          </check>
-        </Rule>
-      </Group>
-    </Benchmark>
-  </ds:component>
-  <ds:component id="scap_org.open-scap_comp_second-xccdf.xml" timestamp="2012-10-10T13:34:54">
-    <Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_moc.elpmaxe.www_benchmark_second">
-      <status>incomplete</status>
-      <version>1.0</version>
-      <Profile id="xccdf_moc.elpmaxe.www_profile_1">
-        <title>is kinda compulsory</title>
-        <select idref="xccdf_moc.elpmaxe.www_rule_second" selected="true"/>
-      </Profile>
-      <Profile id="xccdf_moc.elpmaxe.www_profile_2" extends="xccdf_moc.elpmaxe.www_profile_1">
-        <title>is kinda compulsory</title>
-        <select idref="xccdf_moc.elpmaxe.www_rule_second" selected="true"/>
-      </Profile>
-      <Group selected="false" id="xccdf_moc.elpmaxe.www_group_one">
-        <Rule selected="false" id="xccdf_moc.elpmaxe.www_rule_second">
-          <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-            <check-content-ref href="stub-oval.xml"/>
-          </check>
-        </Rule>
-      </Group>
-    </Benchmark>
-  </ds:component>
-</ds:data-stream-collection>

data/test/data/tailoring.xml

@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<xccdf:Tailoring xmlns:xccdf="http://checklists.nist.gov/xccdf/1.2" id="xccdf_scap-workbench_tailoring_default">
-  <xccdf:benchmark href="/usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml"/>
-  <xccdf:version time="2016-11-10T11:24:26">1</xccdf:version>
-  <xccdf:Profile id="xccdf_org.ssgproject.content_profile_stig-firefox-upstream_customized" extends="xccdf_org.ssgproject.content_profile_stig-firefox-upstream">
-    <xccdf:title xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">Upstream Firefox STIG [CUSTOMIZED]</xccdf:title>
-    <xccdf:description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">This profile is developed under the DoD consensus model and DISA FSO Vendor STIG process,
-serving as the upstream development environment for the Firefox STIG.
-
-As a result of the upstream/downstream relationship between the SCAP Security Guide project
-and the official DISA FSO STIG baseline, users should expect variance between SSG and DISA FSO content.
-For official DISA FSO STIG content, refer to http://iase.disa.mil/stigs/app-security/browser-guidance/Pages/index.aspx.
-
-While this profile is packaged by Red Hat as part of the SCAP Security Guide package, please note
-that commercial support of this SCAP content is NOT available. This profile is provided as example
-SCAP content with no endorsement for suitability or production readiness. Support for this
-profile is provided by the upstream SCAP Security Guide community on a best-effort basis. The
-upstream project homepage is https://fedorahosted.org/scap-security-guide/.
-</xccdf:description>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-non-secure_page_warning" selected="true"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_text" selected="true"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_context_menus" selected="true"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_status_bar_changes" selected="true"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_resizing" selected="true"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-javascript_window_changes" selected="true"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-auto-update_of_firefox" selected="false"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_passwords" selected="false"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-autofill_forms" selected="false"/>
-    <xccdf:select idref="xccdf_org.ssgproject.content_rule_firefox_preferences-addons_plugin_updates" selected="false"/>
-  </xccdf:Profile>
-</xccdf:Tailoring>

data/test/data/testresult.xml

@@ -1,225 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.open-scap_testresult_xccdf_org.ssgproject.content_profile_common" start-time="2014-10-17T09:07:43" end-time="2014-10-17T09:07:55">
-    <benchmark href="/usr/share/xml/scap/ssg/fedora/ssg-fedora-ds.xml" id="xccdf_org.ssgproject.content_benchmark_FEDORA"/>
-    <title>OSCAP Scan Result</title>
-    <identity authenticated="false" privileged="false">root</identity>
-    <profile idref="xccdf_org.ssgproject.content_profile_common"/>
-    <target>fedora20.mydomain</target>
-    <target-address>127.0.0.1</target-address>
-    <target-address>0:0:0:0:0:0:0:1</target-address>
-    <target-facts>
-      <fact name="urn:xccdf:fact:scanner:name" type="string">OpenSCAP</fact>
-      <fact name="urn:xccdf:fact:scanner:version" type="string">1.0.9</fact>
-      <fact name="urn:xccdf:fact:ethernet:MAC" type="string">00:00:00:00:00:00</fact>
-    </target-facts><target-id-ref system="http://scap.nist.gov/schema/asset-identification/1.1" name="asset0" href=""/>
-    <platform idref="cpe:/o:fedoraproject:fedora:20"/>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_disable_prelink" time="2014-10-17T09:07:43" severity="low" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:151" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_globally_activated" time="2014-10-17T09:07:43" severity="high" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:140" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_ensure_gpgcheck_never_disabled" time="2014-10-17T09:07:43" severity="high" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:149" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_file_permissions_library_dirs" time="2014-10-17T09:07:51" severity="medium" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:137" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_file_ownership_library_dirs" time="2014-10-17T09:07:53" severity="medium" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:124" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_file_permissions_binary_dirs" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:161" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_file_ownership_binary_dirs" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:154" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_no_direct_root_logins" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>notchecked</result>
-      <message severity="info">No candidate or applicable check found.</message>
-      <check system="ocil-transitional">
-        <check-export export-name="the /etc/securetty file is not empty" value-id="xccdf_org.ssgproject.content_value_conditional_clause"/>
-        <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
-To ensure root may not directly login to the system over physical consoles,
-run the following command:
-<pre xmlns="http://www.w3.org/1999/xhtml">cat /etc/securetty</pre>
-If any output is returned, this is a finding.
-</check-content>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_securetty_root_login_console_only" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:109" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_restrict_serial_port_logins" time="2014-10-17T09:07:55" severity="low" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:144" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_no_root_webbrowsing" time="2014-10-17T09:07:55" severity="low" weight="1.000000">
-      <result>notselected</result>
-      <check system="ocil-transitional">
-        <check-export export-name="this is not the case" value-id="xccdf_org.ssgproject.content_value_conditional_clause"/>
-        <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
-Check the <xhtml:code>root</xhtml:code> home directory for a <xhtml:code>.mozilla</xhtml:code> directory. If
-one exists, ensure browsing is limited to local service administration.
-</check-content>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_no_shelllogin_for_systemaccounts" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>notselected</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:122" href="#xccdf1"/>
-      </check>
-      <check system="ocil-transitional">
-        <check-export export-name="any system account (other than root) has a login shell" value-id="xccdf_org.ssgproject.content_value_conditional_clause"/>
-        <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
-To obtain a listing of all users,
-their UIDs, and their shells, run the command:
-<pre xmlns="http://www.w3.org/1999/xhtml">$ awk -F: '{print $1 ":" $3 ":" $7}' /etc/passwd</pre>
-Identify the system accounts from this listing. These will
-primarily be the accounts with UID numbers less than 500, other
-than root.
-</check-content>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_no_uidzero_except_root" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:118" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_root_path_default" time="2014-10-17T09:07:55" severity="low" weight="1.000000">
-      <result>notselected</result>
-      <check system="ocil-transitional">
-        <check-export export-name="any of these conditions are not met" value-id="xccdf_org.ssgproject.content_value_conditional_clause"/>
-        <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
-To view the root user's <xhtml:code>PATH</xhtml:code>, run the following command:
-<pre xmlns="http://www.w3.org/1999/xhtml"># env | grep PATH</pre>
-If correctly configured, the <xhtml:code>PATH</xhtml:code> must: use vendor default settings,
-have no empty entries, and have no entries beginning with a character
-other than a slash (/).
-</check-content>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_no_empty_passwords" time="2014-10-17T09:07:55" severity="high" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:111" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_no_hashes_outside_shadow" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:107" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_gid_passwd_group_same" time="2014-10-17T09:07:55" severity="low" weight="1.000000">
-      <result>notselected</result>
-      <check system="ocil-transitional">
-        <check-export export-name="there is output" value-id="xccdf_org.ssgproject.content_value_conditional_clause"/>
-        <check-content xmlns:xhtml="http://www.w3.org/1999/xhtml">
-To ensure all GIDs referenced in <xhtml:code>/etc/passwd</xhtml:code> are defined in <xhtml:code>/etc/group</xhtml:code>,
-run the following command:
-<pre xmlns="http://www.w3.org/1999/xhtml"># pwck -qr</pre>
-There should be no output.
-</check-content>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_no_netrc_files" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:157" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-export export-name="oval:ssg:var:213" value-id="xccdf_org.ssgproject.content_value_var_accounts_password_minlen_login_defs"/>
-        <check-content-ref name="oval:ssg:def:133" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_accounts_minimum_age_login_defs" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-export export-name="oval:ssg:var:214" value-id="xccdf_org.ssgproject.content_value_var_accounts_minimum_age_login_defs"/>
-        <check-content-ref name="oval:ssg:def:159" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_accounts_maximum_age_login_defs" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-export export-name="oval:ssg:var:211" value-id="xccdf_org.ssgproject.content_value_var_accounts_maximum_age_login_defs"/>
-        <check-content-ref name="oval:ssg:def:113" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_accounts_password_warn_age_login_defs" time="2014-10-17T09:07:55" severity="low" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-export export-name="oval:ssg:var:215" value-id="xccdf_org.ssgproject.content_value_var_accounts_password_warn_age_login_defs"/>
-        <check-content-ref name="oval:ssg:def:163" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_service_ntpd_enabled" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:129" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_ntpd_specify_remote_server" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:142" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" time="2014-10-17T09:07:55" severity="medium" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:115" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_empty_passwords" time="2014-10-17T09:07:55" severity="high" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:146" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_set_idle_timeout" time="2014-10-17T09:07:55" severity="low" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-export export-name="oval:ssg:var:212" value-id="xccdf_org.ssgproject.content_value_sshd_idle_timeout_value"/>
-        <check-content-ref name="oval:ssg:def:120" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_set_keepalive" time="2014-10-17T09:07:55" severity="low" weight="1.000000">
-      <result>fail</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:ssg:def:135" href="#xccdf1"/>
-      </check>
-    </rule-result>
-    <score system="urn:xccdf:scoring:default" maximum="100.000000">34.722221</score>
-  </TestResult>