Inspec2XCCDF Usage information
The InSpec to XCCDF Parser scans and extracts the results defined in the Inspec JSON results and converts them into an XCCDF XML file, so that the execution results can be published to consuming tools in a portable format.
The parser requires two files:
- The Inspec JSON results file
- The XCCDF attributes file. See the xccdf2inspec option --attributes for how to generate a base attribute file from the source specification.
If all of the following requirements are met, an XML file conforming to the XCCDF 1.1 specification will be produced. Note: All files in the /test/schemas/xccdf_114 directory are directly sourced from https://csrc.nist.gov/Projects/Security-Content-Automation-Protocol/Specifications/xccdf#resource-1.1.4.
XCCDF attributes YAML file
Inspec is unable to produce certain data that is required for conversion into conforming XCCDF. The attributes marked ‘Required’ below MUST be included in an XCCDF attributes YAML file and provided as part of the Inspec2XCCDF conversion process.
benchmark.id # Required: Benchmark id
benchmark.status # Required: Benchmark status. Must be one of 'accepted', 'deprecated', 'draft', 'incomplete', 'interim'
benchmark.version # Required: Benchmark version
The following attributes SHOULD be included to generate an XCCDF that more closely matches the original.
benchmark.status.date # Optional: Benchmark status date
benchmark.title # Optional: Benchmark title
reference.href # Optional: Benchmark reference href
reference.dc.publisher # Optional: Benchmark and Rule reference publisher
reference.dc.source # Optional: Benchmark and Rule reference source
reference.dc.title # Optional: Rule reference title
reference.dc.subject # Optional: Rule reference subject
reference.dc.type # Optional: Rule reference type
reference.dc.identifier # Optional: Rule reference identifier
Metadata JSON file
Inclusion of test results within the XCCDF output
Test results from an Inspec execution will be included in the output only if, at minimum, fqdn is provided, since it is needed to produce valid XCCDF.
Example execution:
inspec_tools inspec2xccdf -j examples/sample_json/rhel-simp.json -a lib/data/attributes.yml -m examples/inspec2xccdf/metadata.json -o output.xccdf
JSON format:
{
  "hostname" : "myawesome",
  "ip" : "10.10.10.10", # Optional: An IPv4, IPv6, or MAC address. Applied to TestResult target-address and target-facts element.
  "fqdn" : "myawesome.host.com", # Required: The host that is the target of the execution. Applied to TestResult target element.
  "mac" : "aa:aa:99:99:99:99", # Optional: A MAC address to include. Applied to TestResult target-facts element.
  "identity" : {
    "identity" : "userabc", # Optional: Account used to perform scan operation. Applied to TestResult identity element.
    "privileged" : true # Optional: Indicator of whether the identity has privileged access. Applied to TestResult identity element.
  },
  "organization" : "MITRE Corporation" # Optional: Name of organization applying this benchmark. Applied to TestResult organization element.
}
Inspec JSON result file
Because Inspec is a general-purpose framework, it will not prevent execution of controls that are missing the required tags defined below. However, executing such controls will result in non-conforming XCCDF 1.1 output. In order to generate conforming XCCDF, the tags marked ‘Required’ below MUST be included in each of the Inspec controls.
Tag | Required | XCCDF Element |
---|---|---|
gid | yes | Group attribute id |
gdescription | no | Group description |
gtitle | no | Group title |
rid | yes | Rule attribute id |
severity | yes | Rule attribute severity. Must be one of ‘unknown’, ‘info’, ‘low’, ‘medium’, ‘high’ |
rweight | no | Rule weight. If missing, this may make the scoring results out of line as compared to an originating XCCDF Benchmark specification. |
title | no | Rule title |
cci | no | Rule ident |
fix | no | Rule fixTextType content |
fixref | no | Rule fixTextType fixref |
checkref | no | TestResult rule-result check system attribute |
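
A pre-flight check for the three inputs described on this page, as an added example that is not part of inspec_tools. It assumes the attributes YAML uses the flat dotted keys listed above and that the results file follows the InSpec JSON reporter layout (profiles, then controls, then tags); the function name preflight and all sample values are constructed for illustration.

```ruby
require 'json'
require 'yaml'

# Required names and allowed values exactly as listed on this page.
REQUIRED_ATTRS = %w[benchmark.id benchmark.status benchmark.version].freeze
STATUSES       = %w[accepted deprecated draft incomplete interim].freeze
REQUIRED_TAGS  = %w[gid rid severity].freeze
SEVERITIES     = %w[unknown info low medium high].freeze

# Hypothetical helper: returns a list of problems found in the parsed inputs.
# An empty list means the page's stated requirements are met.
def preflight(attrs, metadata, results)
  problems = []
  REQUIRED_ATTRS.each do |key|
    problems << "attributes: missing #{key}" if attrs[key].to_s.strip.empty?
  end
  status = attrs['benchmark.status']
  problems << "attributes: invalid benchmark.status #{status.inspect}" if status && !STATUSES.include?(status)
  problems << 'metadata: no fqdn, test results will not be included' if metadata['fqdn'].to_s.strip.empty?
  Array(results['profiles']).each do |profile|
    Array(profile['controls']).each do |control|
      tags = control['tags'] || {}
      REQUIRED_TAGS.each do |tag|
        problems << "control #{control['id']}: missing tag #{tag}" if tags[tag].to_s.strip.empty?
      end
      sev = tags['severity']
      problems << "control #{control['id']}: invalid severity #{sev.inspect}" if sev && !SEVERITIES.include?(sev)
    end
  end
  problems
end

# Constructed sample inputs (not taken from any real benchmark or scan).
SAMPLE_ATTRS = YAML.safe_load(<<~YAML)
  benchmark.id: example_benchmark
  benchmark.status: final
  benchmark.version: "1"
YAML
SAMPLE_METADATA = JSON.parse('{"hostname": "myawesome", "ip": "10.10.10.10"}')
SAMPLE_RESULTS = JSON.parse(<<~JSON)
  {"profiles": [{"controls": [
    {"id": "V-0001", "tags": {"gid": "V-0001", "rid": "SV-0001r1_rule", "severity": "medium"}},
    {"id": "V-0002", "tags": {"gid": "V-0002", "severity": "critical"}}
  ]}]}
JSON

puts preflight(SAMPLE_ATTRS, SAMPLE_METADATA, SAMPLE_RESULTS)
```

Running the check before inspec2xccdf catches a status or severity outside the allowed values and controls without gid or rid, each of which would otherwise yield XCCDF that fails schema validation.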