From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-628688-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id 1EDE6138200
	for <garchives@archives.gentoo.org>; Tue, 17 Sep 2013 19:07:13 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 9A40CE0CD8;
	Tue, 17 Sep 2013 19:07:12 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id DFBEAE0CCD
	for <gentoo-commits@lists.gentoo.org>; Tue, 17 Sep 2013 19:07:11 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id C918933ED0D
	for <gentoo-commits@lists.gentoo.org>; Tue, 17 Sep 2013 19:07:10 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 8205DE530A
	for <gentoo-commits@lists.gentoo.org>; Tue, 17 Sep 2013 19:07:09 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1379444499.d88ab0ae8f09a427faea0822761bba3a6596f216.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/SCAP/
X-VCS-Repository: proj/hardened-docs
X-VCS-Files: xml/SCAP/Makefile xml/SCAP/gentoo-oval.xml xml/SCAP/gentoo-oval.xml.result.xml xml/SCAP/gentoo-xccdf.xml xml/SCAP/report.html xml/SCAP/results-xccdf.xml
X-VCS-Directories: xml/SCAP/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: d88ab0ae8f09a427faea0822761bba3a6596f216
X-VCS-Branch: master
Date: Tue, 17 Sep 2013 19:07:09 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 9633edf8-c2de-4bdf-b174-6d88534abd60
X-Archives-Hash: a72bb0edff91d63f0921842a5a12cb2b

commit:     d88ab0ae8f09a427faea0822761bba3a6596f216
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Sep 17 19:01:39 2013 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Tue Sep 17 19:01:39 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=d88ab0ae

Updates on SCAP - Test and generate fix code

---
 xml/SCAP/Makefile                   |  12 +-
 xml/SCAP/gentoo-oval.xml            |  35 +++-
 xml/SCAP/gentoo-oval.xml.result.xml | 166 ------------------
 xml/SCAP/gentoo-xccdf.xml           |  33 +++-
 xml/SCAP/report.html                | 292 --------------------------------
 xml/SCAP/results-xccdf.xml          | 326 ------------------------------------
 6 files changed, 72 insertions(+), 792 deletions(-)

diff --git a/xml/SCAP/Makefile b/xml/SCAP/Makefile
index 81ebe1c..5964888 100644
--- a/xml/SCAP/Makefile
+++ b/xml/SCAP/Makefile
@@ -1,2 +1,12 @@
+all: report.html guide.html
+
 report.html: gentoo-cpe.xml gentoo-xccdf.xml gentoo-oval.xml
-	oscap xccdf eval --cpe gentoo-cpe.xml --results results-xccdf.xml --oval-results --report report.html gentoo-xccdf.xml
+	oscap xccdf eval --cpe gentoo-cpe.xml --profile xccdf_org.gentoo.dev.swift_profile_default --results results-xccdf.xml --oval-results --report report.html gentoo-xccdf.xml
+
+guide.html: gentoo-cpe.xml gentoo-xccdf.xml gentoo-oval.xml
+	oscap xccdf generate guide --profile xccdf_org.gentoo.dev.swift_profile_default --output guide.html gentoo-xccdf.xml
+
+eval:
+	oscap xccdf eval --cpe gentoo-cpe.xml --profile xccdf_org.gentoo.dev.swift_profile_default gentoo-xccdf.xml
+
+.PHONY: all eval

diff --git a/xml/SCAP/gentoo-oval.xml b/xml/SCAP/gentoo-oval.xml
index d2ece23..b520353 100644
--- a/xml/SCAP/gentoo-oval.xml
+++ b/xml/SCAP/gentoo-oval.xml
@@ -53,6 +53,24 @@
       <criterion test_ref="oval:org.gentoo.dev.swift:tst:2" comment="The /home location is on a separate partition" />
     </criteria>
   </definition>
+
+  <definition id="oval:org.gentoo.dev.swift:def:3" version="1" class="compliance">
+    <metadata>
+      <title>The /home file system is mounted with the nosuid option</title>
+      <affected family="unix">
+        <platform>Gentoo Linux</platform>
+      </affected>
+      <description>
+        This definition tests whether the /home partition is mounted with the nosuid 
+	mount option.
+      </description>
+    </metadata>
+    <criteria operator="AND">
+      <criterion test_ref="oval:org.gentoo.dev.swift:tst:2" comment="The /home location is on a separate partition" />
+      <criterion test_ref="oval:org.gentoo.dev.swift:tst:3" comment="The /home partition is mounted with nosuid mount option" />
+    </criteria>
+  </definition>
+
 </definitions>
 
 <tests>
@@ -70,6 +88,15 @@
     <!-- /home partition -->
     <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:2" />
   </lin-def:partition_test>
+
+  <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:3"
+    version="1" check="all" check_existence="all_exist"
+    comment="Tests that /home is mounted with nosuid option">
+    <!-- /home partition -->
+    <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:2" />
+    <!-- "nosuid" mount option -->
+    <lin-def:state state_ref="oval:org.gentoo.dev.swift:ste:1" />
+  </lin-def:partition_test>
 </tests>
 
 <objects>
@@ -85,10 +112,14 @@
   </lin-def:partition_object>
 </objects>
 
-<!--
 <states>
+
+  <lin-def:partition_state id="oval:org.gentoo.dev.swift:ste:1"
+    version="1" comment="The file system is mounted with the nosuid mount option">
+    <lin-def:mount_options entity_check="at least one">nosuid</lin-def:mount_options>
+  </lin-def:partition_state>
+
 </states>
--->
 
 <!--
 <variables>

diff --git a/xml/SCAP/gentoo-oval.xml.result.xml b/xml/SCAP/gentoo-oval.xml.result.xml
deleted file mode 100644
index 5ae9a7a..0000000
--- a/xml/SCAP/gentoo-oval.xml.result.xml
+++ /dev/null
@@ -1,166 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<oval_results xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://oval.mitre.org/XMLSchema/oval-results-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-results-5 oval-results-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
-  <generator>
-    <oval:product_name>cpe:/a:open-scap:oscap</oval:product_name>
-    <oval:schema_version>5.10</oval:schema_version>
-    <oval:timestamp>2013-09-17T20:24:00</oval:timestamp>
-  </generator>
-  <directives>
-    <definition_true reported="true" content="full"/>
-    <definition_false reported="true" content="full"/>
-    <definition_unknown reported="true" content="full"/>
-    <definition_error reported="true" content="full"/>
-    <definition_not_evaluated reported="true" content="full"/>
-    <definition_not_applicable reported="true" content="full"/>
-  </directives>
-  <oval_definitions xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd">
-    <generator>
-      <oval:product_name>OVAL Gentoo Linux</oval:product_name>
-      <oval:product_version>20130917.1</oval:product_version>
-      <oval:schema_version>5.10</oval:schema_version>
-      <oval:timestamp>2013-09-17T19:42:00</oval:timestamp>
-    </generator>
-    <definitions>
-      <definition id="oval:org.gentoo.dev.swift:def:2" version="1" class="compliance">
-        <metadata>
-          <title>The /home location must be a separate file system</title>
-          <affected family="unix">
-            <platform>Gentoo Linux</platform>
-          </affected>
-          <reference source="CCE" ref_id="CCE-14559-9" ref_url="http://nvd.nist.gov/cce/index.cfm"/>
-          <description>
-        This definition tests whether the /home location is a separate file
-	system.
-      </description>
-        </metadata>
-        <criteria>
-          <criterion test_ref="oval:org.gentoo.dev.swift:tst:2" comment="The /home location is on a separate partition"/>
-        </criteria>
-      </definition>
-      <definition id="oval:org.gentoo.dev.swift:def:1" version="1" class="inventory">
-        <metadata>
-          <title>Gentoo Linux is installed</title>
-          <affected family="unix">
-            <platform>Gentoo Linux</platform>
-          </affected>
-          <description>
-        This definition tests whether Gentoo Linux is installed.
-      </description>
-        </metadata>
-        <criteria>
-          <criterion test_ref="oval:org.gentoo.dev.swift:tst:1" comment="The /etc/gentoo-release file exists"/>
-        </criteria>
-      </definition>
-    </definitions>
-    <tests>
-      <lin-def:partition_test id="oval:org.gentoo.dev.swift:tst:2" version="1" check_existence="all_exist" check="all" comment="Tests that /home is a separate file system">
-        <lin-def:object object_ref="oval:org.gentoo.dev.swift:obj:2"/>
-      </lin-def:partition_test>
-      <unix-def:file_test id="oval:org.gentoo.dev.swift:tst:1" version="1" check_existence="all_exist" check="all" comment="Tests that /etc/gentoo-release exists">
-        <unix-def:object object_ref="oval:org.gentoo.dev.swift:obj:1"/>
-      </unix-def:file_test>
-    </tests>
-    <objects>
-      <lin-def:partition_object id="oval:org.gentoo.dev.swift:obj:2" version="1" comment="The /home partition">
-        <lin-def:mount_point>/home</lin-def:mount_point>
-      </lin-def:partition_object>
-      <unix-def:file_object id="oval:org.gentoo.dev.swift:obj:1" version="1" comment="The /etc/gentoo-release file">
-        <unix-def:filepath>/etc/gentoo-release</unix-def:filepath>
-      </unix-def:file_object>
-    </objects>
-  </oval_definitions>
-  <results>
-    <system>
-      <definitions>
-        <definition definition_id="oval:org.gentoo.dev.swift:def:2" result="true" version="1">
-          <criteria operator="AND" result="true">
-            <criterion test_ref="oval:org.gentoo.dev.swift:tst:2" version="1" result="true"/>
-          </criteria>
-        </definition>
-        <definition definition_id="oval:org.gentoo.dev.swift:def:1" result="not evaluated" version="1">
-          <criteria operator="AND" result="not evaluated">
-            <criterion test_ref="oval:org.gentoo.dev.swift:tst:1" version="1" result="not evaluated"/>
-          </criteria>
-        </definition>
-      </definitions>
-      <tests>
-        <test test_id="oval:org.gentoo.dev.swift:tst:2" version="1" check_existence="all_exist" check="all" result="true">
-          <tested_item item_id="1277011" result="not evaluated"/>
-        </test>
-        <test test_id="oval:org.gentoo.dev.swift:tst:1" version="1" check_existence="all_exist" check="all" result="not evaluated"/>
-      </tests>
-      <oval_system_characteristics xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:unix-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix" xmlns:ind-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent" xmlns:lin-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#linux" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5 oval-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent independent-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix unix-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#linux linux-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.x
 sd">
-        <generator>
-          <oval:product_name>cpe:/a:open-scap:oscap</oval:product_name>
-          <oval:schema_version>5.10</oval:schema_version>
-          <oval:timestamp>2013-09-17T20:24:00</oval:timestamp>
-        </generator>
-        <system_info>
-          <os_name>Linux</os_name>
-          <os_version>#5 SMP PREEMPT Wed Aug 14 18:25:47 CEST 2013</os_version>
-          <architecture>x86_64</architecture>
-          <primary_host_name>hpl</primary_host_name>
-          <interfaces>
-            <interface>
-              <interface_name>lo</interface_name>
-              <ip_address>127.0.0.1</ip_address>
-              <mac_address>00:00:00:00:00:00</mac_address>
-            </interface>
-            <interface>
-              <interface_name>wlan0</interface_name>
-              <ip_address>192.168.1.3</ip_address>
-              <mac_address>F0:7B:CB:0F:5A:3B</mac_address>
-            </interface>
-            <interface>
-              <interface_name>tap0</interface_name>
-              <ip_address>192.168.100.1</ip_address>
-              <mac_address>22:45:EA:47:E5:69</mac_address>
-            </interface>
-            <interface>
-              <interface_name>lo</interface_name>
-              <ip_address>::1</ip_address>
-              <mac_address>00:00:00:00:00:00</mac_address>
-            </interface>
-            <interface>
-              <interface_name>wlan0</interface_name>
-              <ip_address>fe80::f27b:cbff:fe0f:5a3b</ip_address>
-              <mac_address>F0:7B:CB:0F:5A:3B</mac_address>
-            </interface>
-            <interface>
-              <interface_name>tap0</interface_name>
-              <ip_address>2001:db8:81:e2:0:26b5:365b:5072</ip_address>
-              <mac_address>22:45:EA:47:E5:69</mac_address>
-            </interface>
-            <interface>
-              <interface_name>tap0</interface_name>
-              <ip_address>fe80::2045:eaff:fe47:e569</ip_address>
-              <mac_address>22:45:EA:47:E5:69</mac_address>
-            </interface>
-          </interfaces>
-        </system_info>
-        <collected_objects>
-          <object id="oval:org.gentoo.dev.swift:obj:2" version="1" flag="complete">
-            <reference item_ref="1277011"/>
-          </object>
-        </collected_objects>
-        <system_data>
-          <lin-sys:partition_item id="1277011" status="exists">
-            <lin-sys:mount_point>/home</lin-sys:mount_point>
-            <lin-sys:device>/dev/mapper/volgrp-home</lin-sys:device>
-            <lin-sys:fs_type>ext4</lin-sys:fs_type>
-            <lin-sys:mount_options>rw</lin-sys:mount_options>
-            <lin-sys:mount_options>seclabel</lin-sys:mount_options>
-            <lin-sys:mount_options>nosuid</lin-sys:mount_options>
-            <lin-sys:mount_options>nodev</lin-sys:mount_options>
-            <lin-sys:mount_options>noatime</lin-sys:mount_options>
-            <lin-sys:mount_options>nodelalloc</lin-sys:mount_options>
-            <lin-sys:mount_options>data=journal</lin-sys:mount_options>
-            <lin-sys:total_space datatype="int">15449087</lin-sys:total_space>
-            <lin-sys:space_used datatype="int">12723993</lin-sys:space_used>
-            <lin-sys:space_left datatype="int">2725094</lin-sys:space_left>
-          </lin-sys:partition_item>
-        </system_data>
-      </oval_system_characteristics>
-    </system>
-  </results>
-</oval_results>

diff --git a/xml/SCAP/gentoo-xccdf.xml b/xml/SCAP/gentoo-xccdf.xml
index 28098a7..a501b53 100644
--- a/xml/SCAP/gentoo-xccdf.xml
+++ b/xml/SCAP/gentoo-xccdf.xml
@@ -26,6 +26,8 @@
     </description>
     <!-- The /home location is a separate file system -->
     <select idref="xccdf_org.gentoo.dev.swift_rule_partition-home" selected="true" />
+    <!-- The /home partition is mounted with nosuid -->
+    <select idref="xccdf_org.gentoo.dev.swift_rule_partition-home-nosuid" selected="true" />
   </Profile>
   <Group id="xccdf_org.gentoo.dev.swift_group_intro">
     <title>Introduction</title>
@@ -106,7 +108,7 @@
         the following command is used to generate the HTML output:
         <h:br />
         <h:pre>### Command to generate this guide ###
-# <h:b>oscap xccdf generate guide scap-gentoo-xccdf.xml &gt; output.html</h:b>
+# <h:b>oscap xccdf generate guide gentoo-xccdf.xml &gt; output.html</h:b>
         </h:pre>
         <h:br />
         Secondly, together with this XCCDF XML, you will also find an OVAL XML file.
@@ -116,11 +118,11 @@
 	<h:br />
 	Now, to validate the tests, you can use the following commands:
         <h:pre>### Testing the rules mentioned in the XCCDF document ###
-# <h:b>oscap xccdf eval --profile xccdf_org.gentoo.dev.swift_profile_default scap-gentoo-xccdf.xml</h:b></h:pre>
+# <h:b>oscap xccdf eval --profile xccdf_org.gentoo.dev.swift_profile_default gentoo-xccdf.xml</h:b></h:pre>
         <h:br />
         To generate a full report in HTML as well, you can use the next command:
         <h:pre>### Testing the rules and generating an HTML report ###
-# <h:b>oscap xccdf eval --profile xccdf_org.gentoo.dev.swift_profile_default --results xccdf-results.xml --report report.html scap-gentoo-xccdf.xml</h:b></h:pre>
+# <h:b>oscap xccdf eval --profile xccdf_org.gentoo.dev.swift_profile_default --results xccdf-results.xml --report report.html gentoo-xccdf.xml</h:b></h:pre>
         <h:br />
 	<h:br />
         Finally, this benchmark will suggest some settings which you do not want
@@ -280,13 +282,34 @@
             The <h:code>/home</h:code> location should be on its own partition,
             allowing the administrator to mount this location with specific
             options targetting the file systems' security settings or quota.
+	    <h:br />
+	    <h:br />
+	    Next to the separate file system, it should also be mounted with
+	    the <h:em>nosuid</h:em> mount option. When a vulnerability in a
+	    software, or a rogue user, would somehow place a setuid binary in
+	    this home directory in order to create a simple backdoor to gain
+	    root privileges, this mount option disables the setuid ability.
           </description>
-	  <Rule id="xccdf_org.gentoo.dev.swift_rule_partition-home" selected="true">
+	  <Rule id="xccdf_org.gentoo.dev.swift_rule_partition-home" selected="false">
 	    <title>Test if /home is a separate partition</title>
 	    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
               <check-content-ref name="oval:org.gentoo.dev.swift:def:2" href="gentoo-oval.xml" />
 	    </check>
 	  </Rule>
+	  <Rule id="xccdf_org.gentoo.dev.swift_rule_partition-home-nosuid" selected="false">
+	    <title>Test if /home is mounted with nosuid</title>
+	    <fixtext fixref="xccdf_org.gentoo.dev.swift_fix_partition-home-nosuid">Mount /home with nosuid mount option</fixtext>
+	    <!-- TODO can we put in multiple fixes? I would like to add in one
+		 that asks the user (not automatically) to update fstab -->
+	    <fix id="xccdf_org.gentoo.dev.swift_fix_partition-home-nosuid"
+	      system="urn:xccdf:fix:system:commands"
+	      platform="cpe:/o:gentoo:linux" complexity="low" disruption="low" reboot="false">
+mount -o remount,nosuid /home
+	    </fix>
+	    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+	      <check-content-ref name="oval:org.gentoo.dev.swift:def:3" href="gentoo-oval.xml" />
+	    </check>
+	  </Rule>
         </Group>
       </Group>
     </Group>
@@ -921,7 +944,7 @@ session   required pam_unix.so</h:pre>
           <title>World writeable directories must have sticky bit set</title>
 	  <description>World writeable directories must have sticky bit set</description>
 	  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-	    <check-content-ref href="scap-gentoo-oval.xml" name="oval:@@OVALNS@@.static:def:2" />
+	    <check-content-ref href="gentoo-oval.xml" name="oval:@@OVALNS@@.static:def:2" />
 	  </check>
 	</Rule>
       </Group>

diff --git a/xml/SCAP/report.html b/xml/SCAP/report.html
deleted file mode 100644
index 76fed49..0000000
--- a/xml/SCAP/report.html
+++ /dev/null
@@ -1,292 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:svg="http://www.w3.org/2000/svg">
-  <head>
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <title>XCCDF test result</title>
-    <meta name="generator" content="" />
-    <meta name="Content-Type" content="text/html;charset=utf-8" />
-    <style type="text/css" media="all">
-    html, body { background-color: black; font-family:sans-serif; margin:0; padding:0; }
-    abbr { text-transform:none; border:none; font-variant:normal; }
-    div.score-outer { height: .8em; width:100%; min-width:100px; background-color: red; }
-    div.score-inner { height: 100%; background-color: green; }
-    .score-max, .score-val, .score-percent { text-align:right; }
-    .score-percent { font-weight: bold; }
-    th, td { padding-left:.5em; padding-right:.5em; }
-    .rule-selected, .result-pass strong, .result-fixed strong { color:green; }
-    .rule-inactive, .unknown, .result-notselected strong, .result-notchecked strong, .result-notapplicable strong, .result-informational strong, .result-unknown strong { color:#555; }
-    .rule-notselected, .result-error strong, .result-fail strong { color:red; }
-    table { border-collapse: collapse; border: 1px black solid; width:100%; }
-    table th, thead tr { background-color:black; color:white; }
-    table td { border-right: 1px black solid; }
-    table td.result, table td.link { text-align:center; }
-    table td.num { text-align:right; }
-    div#rule-results-summary { margin-bottom: 1em; }
-    table tr.result-legend td { width: 10%; }
-    div#content p { text-align:justify; }
-    div.result-detail { border: 1px solid black; margin: 2em 0; padding: 0 1em; }
-    div#content h2 { border-bottom:2px dashed; margin-top:1em; margin-bottom:0.5em; text-align:center; }
-    div#content h2#summary { margin-top:0; }
-    h1 { margin:1em 0; }
-    div.raw table, div.raw table td { border:none; width:auto; padding:0; }
-    div.raw table { margin-left: 2em; }
-    div.raw table td { padding: .1em .7em; }
-    table tr { border-bottom: 1px dotted #000; }
-    dir.raw table tr { border-bottom: 0 !important; }
-    pre.code { background: #ccc; padding:.2em; }
-    ul.toc-struct li { list-style-type: none; }
-    div.xccdf-rule { margin-left: 10%; }
-    div#footer, p.remark, .link { font-size:.8em; }
-    thead tr td { font-weight:bold; text-align:center; }
-    .hidden { display:none; }
-    td.score-bar { text-align:center; }
-    td.score-bar span.media { width:100%; min-width:7em; height:.8em; display:block; margin:0; padding:0; }
-    .oval-results { font-size:.8em; overflow:auto; }
-    div#guide-top-table table { width: 100%; }
-    td#common-info { min-width: 25.0em; border-right: 1px solid #000; }
-    td#versions-revisions { width: 25.0em; }
-  </style>
-    <style type="text/css" media="screen">
-    div#content, div#header, div#footer { margin-left:1em; margin-right:1em; }
-    div#content { background-color: white; padding:2em; }
-    div#footer, div#header { color:white; text-align:center; }
-    a, a:visited { color:blue; text-decoration:underline; }
-    div#content p.link { text-align:right; font-size:.8em; }
-    div#footer a { color:white; }
-    div.xccdf-group, div.xccdf-rule { border-left: 3px solid white; padding-left:.3em; }
-    div.xccdf-group:target, div.xccdf-rule:target { border-left-color:#ccc; }
-    .toc-struct li:target { background:#ddd; }
-    abbr { border-bottom: 1px black dotted; }
-    abbr.date { border-bottom:none; }
-    pre.code { overflow:auto; }
-    table tbody tr:hover { background: #ccc; }
-    div.raw table tbody tr:hover { background: transparent !important; }
-  </style>
-    <style type="text/css" media="print">
-    @page { margin:3cm; }
-    html, body { background-color:white; font-family:serif; }
-    .link { display:none; }
-    a, a:visited { color:black; text-decoration:none; }
-    div#header, div#footer { text-align:center; }
-    div#header { padding-top:36%; }
-    h1 { vertical-align:center; }
-    h2 { page-break-before:always; }
-    h3, h4, h5  { page-break-after:avoid; }
-    pre.code { background: #ccc; }
-    div#footer { margin-top:auto; }
-    .toc-struct { page-break-after:always; }
-  </style>
-  </head>
-  <body>
-    <div id="xccdf_org.open-scap_testresult_default-profile">
-      <div id="header">
-        <h1>XCCDF test result</h1>
-      </div>
-      <div id="content">
-        <div id="intro">
-          <h2>Introduction</h2>
-          <div>
-            <h3>Test Result</h3>
-            <div id="test-result-summary">
-              <table>
-                <thead>
-                  <tr>
-                    <td>Result ID</td>
-                    <td>Profile</td>
-                    <td>Start time</td>
-                    <td>End time</td>
-                    <td>Benchmark</td>
-                    <td>Benchmark version</td>
-                  </tr>
-                </thead>
-                <tbody>
-                  <tr>
-                    <td align="center">xccdf_org.open-scap_testresult_default-profile</td>
-                    <td align="center">
-                  (Default profile)
-                </td>
-                    <td align="center">
-                      <abbr title="2013-09-17T20:24:00" class="date">2013-09-17 20:24</abbr>
-                    </td>
-                    <td align="center">
-                      <abbr title="2013-09-17T20:24:00" class="date">2013-09-17 20:24</abbr>
-                    </td>
-                    <td align="center">
-                      <span>embedded</span>
-                    </td>
-                    <td align="center">20130917.1</td>
-                  </tr>
-                </tbody>
-              </table>
-            </div>
-          </div>
-          <div>
-            <h3>Target info</h3>
-            <div class="raw">
-              <table>
-                <tbody>
-                  <tr>
-                    <td valign="top">
-                      <h4>Targets</h4>
-                      <ul class="itemizedlist">
-                        <li>hpl</li>
-                      </ul>
-                    </td>
-                    <td valign="top">
-                      <h4>Addresses</h4>
-                      <ul class="itemizedlist">
-                        <li>127.0.0.1</li>
-                        <li>192.168.1.3</li>
-                        <li>192.168.100.1</li>
-                        <li>::1</li>
-                        <li>fe80::f27b:cbff:fe0f:5a3b</li>
-                        <li>2001:db8:81:e2:0:26b5:365b:5072</li>
-                        <li>fe80::2045:eaff:fe47:e569</li>
-                      </ul>
-                    </td>
-                    <td></td>
-                    <td valign="top">
-                      <h4>Platforms</h4>
-                      <ul class="itemizedlist">
-                        <li>cpe:/o:gentoo:linux</li>
-                      </ul>
-                    </td>
-                    <td valign="top"></td>
-                  </tr>
-                </tbody>
-              </table>
-            </div>
-          </div>
-          <div>
-            <h3>Score</h3>
-            <div>
-              <table>
-                <thead>
-                  <tr>
-                    <td>system</td>
-                    <td>score</td>
-                    <td>max</td>
-                    <td>%</td>
-                    <td>bar</td>
-                  </tr>
-                </thead>
-                <tbody>
-                  <tr id="score-urn-xccdf-scoring-default">
-                    <td class="score-sys">urn:xccdf:scoring:default</td>
-                    <td class="score-val">100.00</td>
-                    <td class="score-max">100.00</td>
-                    <td class="score-percent">100.00%</td>
-                    <td class="score-bar">
-                      <span class="media">
-                        <svg xmlns="http://www.w3.org/2000/svg" xmlns:ovalres="http://oval.mitre.org/XMLSchema/oval-results-5" xmlns:sceres="http://open-scap.org/page/SCE_result_file" width="100%" height="100%" version="1.1" baseProfile="full">
-                          <rect width="100%" height="100%" fill="red"></rect>
-                          <rect height="100%" width="100.00%" fill="green"></rect>
-                          <rect height="100%" x="100.00%" width="2" fill="black"></rect>
-                        </svg>
-                      </span>
-                    </td>
-                  </tr>
-                </tbody>
-              </table>
-            </div>
-          </div>
-        </div>
-        <div id="results-overview">
-          <h2>Results overview</h2>
-          <div id="rule-results-summary">
-            <h4>Rule Results Summary</h4>
-            <table>
-              <thead>
-                <tr>
-                  <td>pass</td>
-                  <td>fixed</td>
-                  <td>fail</td>
-                  <td>error</td>
-                  <td>not selected</td>
-                  <td>not checked</td>
-                  <td>not applicable</td>
-                  <td>informational</td>
-                  <td>unknown</td>
-                  <td>total</td>
-                </tr>
-              </thead>
-              <tbody>
-                <tr class="result-legend">
-                  <td align="center" class="result-pass">
-                    <strong class="strong">1</strong>
-                  </td>
-                  <td align="center" class="result-fixed">
-                    <strong class="strong">0</strong>
-                  </td>
-                  <td align="center" class="result-fail">
-                    <strong class="strong">0</strong>
-                  </td>
-                  <td align="center" class="result-error">
-                    <strong class="strong">0</strong>
-                  </td>
-                  <td align="center" class="result-notselected">
-                    <strong class="strong">0</strong>
-                  </td>
-                  <td align="center" class="result-notchecked">
-                    <strong class="strong">0</strong>
-                  </td>
-                  <td align="center" class="result-notapplicable">
-                    <strong class="strong">0</strong>
-                  </td>
-                  <td align="center" class="result-informational">
-                    <strong class="strong">0</strong>
-                  </td>
-                  <td align="center" class="result-unknown">
-                    <strong class="strong">0</strong>
-                  </td>
-                  <td align="center">
-                    <strong class="strong">1</strong>
-                  </td>
-                </tr>
-              </tbody>
-            </table>
-          </div>
-          <div>
-            <h4 class="hidden">Rule results summary</h4>
-            <table>
-              <thead>
-                <tr>
-                  <td>Title</td>
-                  <td>Result</td>
-                </tr>
-              </thead>
-              <tbody>
-                <tr class="result-pass">
-                  <td class="id">
-                    <a href="#ruleresult-idm2812214624720">Test if /home is a separate partition</a>
-                  </td>
-                  <td class="result">
-                    <strong class="strong">pass</strong>
-                  </td>
-                </tr>
-              </tbody>
-            </table>
-          </div>
-        </div>
-        <div id="results-details">
-          <h2>Results details</h2>
-          <div class="result-detail" id="ruleresult-idm2812214624720">
-            <h3>Result for Test if /home is a separate partition</h3>
-            <p class="result-pass">Result: <strong class="strong">pass</strong></p>
-            <p>Rule ID: <strong class="strong">xccdf_org.gentoo.dev.swift_rule_partition-home</strong></p>
-            <p>Time: <strong class="strong"><abbr title="2013-09-17T20:24:00" class="date">2013-09-17 20:24</abbr></strong></p>
-            <p class="link">
-              <a href="#results-overview">results overview</a>
-            </p>
-          </div>
-        </div>
-      </div>
-      <div id="footer">
-        <p> Generated by <a href="http://open-scap.org">OpenSCAP</a>
-      (0.9.8)
-     on <abbr title="2013-09-17T20:24:00+02:00" class="date">2013-09-17 20:24</abbr>.</p>
-      </div>
-    </div>
-  </body>
-</html>

diff --git a/xml/SCAP/results-xccdf.xml b/xml/SCAP/results-xccdf.xml
deleted file mode 100644
index db19a4c..0000000
--- a/xml/SCAP/results-xccdf.xml
+++ /dev/null
@@ -1,326 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="xccdf_org.gentoo.dev.swift_benchmark_gentoo-20130917-1" resolved="1">
-  <status date="2013-09-17">draft</status>
-  <title>Gentoo Security Benchmark</title>
-  <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-    This benchmarks helps people in improving their system configuration to be
-    more resilient against attacks and vulnerabilities.
-  </description>
-  <platform idref="cpe:/o:gentoo:linux"/>
-  <version>20130917.1</version>
-  <model system="urn:xccdf:scoring:default"/>
-  <Profile id="xccdf_org.gentoo.dev.swift_profile_intensive">
-    <title>Default server setup settingsIntensive validation profile</title>
-    <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-      In this profile, we verify common settings for Gentoo Linux
-      configurations. The tests that are enabled in this profile can be ran
-      without visibly impacting the performance of the system.
-    
-      This profile extends the default server profile by including tests that 
-      are more intensive to run on a system. Tests such as full file system
-      scans to find world-writable files or directories have an otherwise too
-      large impact on the performance of a server.
-    </description>
-    <select idref="xccdf_org.gentoo.dev.swift_rule_partition-home" selected="true"/>
-  </Profile>
-  <Profile id="xccdf_org.gentoo.dev.swift_profile_default">
-    <title>Default server setup settings</title>
-    <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-      In this profile, we verify common settings for Gentoo Linux
-      configurations. The tests that are enabled in this profile can be ran
-      without visibly impacting the performance of the system.
-    </description>
-    <select idref="xccdf_org.gentoo.dev.swift_rule_partition-home" selected="true"/>
-  </Profile>
-  <Group id="xccdf_org.gentoo.dev.swift_group_intro">
-    <title>Introduction</title>
-    <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-      Since years, Gentoo Linux has a Gentoo Security Handbook
-      which provides a good insight in secure system
-      configuration for a Gentoo systems. Although this is important, an
-      improved method for describing and tuning a systems' security state has
-      emerged: SCAP, or the <h:em xmlns:h="http://www.w3.org/1999/xhtml">Security Content Automation Protocol</h:em>.
-      <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-      <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-      As such, this benchmark is an update on the security
-      handbook, including both the in-depth explanation of settings as well as
-      the means to validate if a system complies with this or not. Now, during
-      the development of this benchmark document, we did not include all
-      information from the Gentoo Security Handbook as some of the settings are
-      specific to a service that is not all that default on a Gentoo Linux
-      system. Although these settings are important as well, it is our believe
-      that this is best done in separate benchmarks for those services instead.
-      <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-      <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-      Where applicable, this benchmark will refer to a different hardening guide
-      for specific purposes (such as the Hardening OpenSSH benchmark).
-    </description>
-    <reference href="http://www.gentoo.org/doc/en/security/security-handbook.xml">Gentoo
-    Security Handbook</reference>
-    <Group id="xccdf_org.gentoo.dev.swift_group_intro-security">
-      <title>This is no security policy</title>
-      <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-        It is <h:em xmlns:h="http://www.w3.org/1999/xhtml">very important</h:em> to realize that this document is not a
-	policy.  You are not obliged to follow this if you want a secure system
-	nor do you need to agree with everything said in the document.
-	<h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-	<h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-	The purpose of this document is to guide you in your quest to hardening
-	your system.  It will provide pointers that could help you decide in
-	particular configuration settings and will do this hopefully using
-	sufficient background information to make a good choice.
-	<h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-	<h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-	You <h:em xmlns:h="http://www.w3.org/1999/xhtml">will</h:em> find settings you don't agree with. That's fine, but
-	if you disagree with <h:em xmlns:h="http://www.w3.org/1999/xhtml">why</h:em> we do this, we would like to hear it
-	and we'll add the feedback to the guide.
-      </description>
-    </Group>
-    <Group id="xccdf_org.gentoo.dev.swift_group_intro-scap">
-      <title>A little more about SCAP and OVAL</title>
-      <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-        Within SCAP, NIST has defined some new standards of which XCCDF and OVAL
-        are notably important in light of the guide you are currently using.
-        <h:ul xmlns:h="http://www.w3.org/1999/xhtml">
-          <h:li>
-            XCCDF (Extensible Configuration Checklist Description Format) is
-            a specification language for writing security checklists and benchmarks
-            (such as the one you are reading now)
-          </h:li>
-          <h:li>
-            OVAL (Open Vulnerability and Assessment Language) is a standard to describe
-            and validate system settings
-          </h:li>
-        </h:ul>
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        Thanks to the OVAL and XCCDF standards, a security engineer can now describe
-        how the state of a system should be configured, how this can be checked
-        automatically and even report on these settings. Furthermore, within the
-        description, the engineer can make "profiles" of different states (such as
-        a profile for a workstation, server (generic), webserver, LDAP server,
-        ...) and reusing the states (rules) identified in a more global scope.
-      </description>
-    </Group>
-    <Group id="xccdf_org.gentoo.dev.swift_group_intro-using">
-      <title>Using this guide</title>
-      <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-        The guide you are currently reading is the guide generated from this SCAP
-        content (more specifically, the XCCDF document) using <h:b xmlns:h="http://www.w3.org/1999/xhtml">openscap</h:b>,
-        a free software implementation for handling SCAP content. Within Gentoo,
-        the package <h:code xmlns:h="http://www.w3.org/1999/xhtml">app-forensics/openscap</h:code> provides the tools, and
-        the following command is used to generate the HTML output:
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        <h:pre xmlns:h="http://www.w3.org/1999/xhtml">### Command to generate this guide ###
-# <h:b>oscap xccdf generate guide scap-gentoo-xccdf.xml &gt; output.html</h:b>
-        </h:pre>
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        Secondly, together with this XCCDF XML, you will also find an OVAL XML file.
-        The two files combined allow you to automatically validate various settings as
-        documented in the benchmark.
-	<h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-	<h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-	Now, to validate the tests, you can use the following commands:
-        <h:pre xmlns:h="http://www.w3.org/1999/xhtml">### Testing the rules mentioned in the XCCDF document ###
-# <h:b>oscap xccdf eval --profile xccdf_org.gentoo.dev.swift_profile_default scap-gentoo-xccdf.xml</h:b></h:pre>
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        To generate a full report in HTML as well, you can use the next command:
-        <h:pre xmlns:h="http://www.w3.org/1999/xhtml">### Testing the rules and generating an HTML report ###
-# <h:b>oscap xccdf eval --profile xccdf_org.gentoo.dev.swift_profile_default --results xccdf-results.xml --report report.html scap-gentoo-xccdf.xml</h:b></h:pre>
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-	<h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        Finally, this benchmark will suggest some settings which you do not want
-        to enable. That is perfectly fine - even more, some settings might even
-        raise eyebrows left and right. We will try to document the reasoning behind
-        the settings but you are free to deviate from them. If that is the case,
-        you might want to disable the rules in the XCCDF document so that they are
-        not checked on your system.
-      </description>
-    </Group>
-    <Group id="xccdf_org.gentoo.dev.swift_group_intro-profiles">
-      <title>Available XCCDF Profiles</title>
-      <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-        As mentioned earlier, the XCCDF document supports multiple profiles. For the time
-	being, two profiles are defined:
-	<h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-	<h:ul xmlns:h="http://www.w3.org/1999/xhtml" xmlns="http://checklists.nist.gov/xccdf/1.2">
-	  <h:li>
-	    The <em>default</em> profile contains tests that are quick to validate
-	  </h:li>
-	  <h:li>
-	    The <em>intensive</em> profile contains all tests, including those that
-	    take a while (for instance because they perform full file system scans)
-	  </h:li>
-	</h:ul>
-	Substitute the profile information in the commands above with the profile you want to test on.
-      </description>
-    </Group>
-  </Group>
-  <Group id="xccdf_org.gentoo.dev.swift_group_preinstallation">
-    <title>Before You Start</title>
-    <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-      Before you start deploying Gentoo Linux and start hardening it, it is wise
-      to take a step back and think about what you want to accomplish. Setting
-      up a more secured Gentoo Linux isn't a goal, but a means to reach
-      something. Most likely, you are considering setting up a Gentoo Linux
-      powered server. What is this server for? Where will you put it? What other
-      services will you want to run on the same OS? Etc.
-    </description>
-    <Group id="xccdf_org.gentoo.dev.swift_group_preinstallation-architecturing">
-      <title>Infrastructure Architecturing</title>
-      <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-        When considering your entire IT architecture, many architecturing
-        frameworks exist to write down and further design your infrastructure.
-        There are very elaborate ones, like TOGAF (The Open Group Architecture
-        Framework), but smaller ones exist as well.
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        A well written and maintained infrastructure architecture helps you
-        position new services or consider the impact of changes on existing
-        components. And the reason for mentioning such a well designed architecture
-        in a hardening guide is not weird.
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        Security is about reducing risks, not about harassing people or making
-        work for a system administrator harder. And reducing risks also means
-        that you need to keep a clear eye out on your architecture and all its
-        components. If you do not know what you are integrating, where you are
-        putting it or why, then you have more issues to consider than hardening
-        a system.
-      </description>
-    </Group>
-    <Group id="xccdf_org.gentoo.dev.swift_group_preinstallation-requirements">
-      <title>Mapping Requirements</title>
-      <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-        When you design a service, you need to take both functional and
-        non-functional requirements into account. That does sound like
-        overshooting for a simple server installation, but it is not. Have you
-        considered auditing? Where do the audit logs need to be sent to? What
-        about authentication? Centrally managed, or manually set? And the server
-        you are installing, will it only host a particular service, or will it
-        provide several services?
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-        When hosting multiple services on the same server, make sure that the
-        server is positioned within your network on an acceptable segment. It is
-        not safe to host your central LDAP infrastructure on the same system as
-        your web server that is facing the Internet.
-      </description>
-      <reference href="https://www.ibm.com/developerworks/rational/library/4706.html">IBM DeveloperWorks article on "Capturing Architectural Requirements"</reference>
-    </Group>
-    <Group id="xccdf_org.gentoo.dev.swift_group_preinstallation-nonsoftware">
-      <title>Non-Software Security Concerns</title>
-      <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-        From the next chapter onwards, we will only focus on the software side
-        hardening. There are of course also non-software concerns that you
-        should investigate.
-      </description>
-      <reference href="https://www.rfc-editor.org/info/rfc2196">Site Security
-      Handbook (RFC2196)</reference>
-      <Group id="xccdf_org.gentoo.dev.swift_group_preinstallation-nonsoftware-physical">
-        <title>Physical Security</title>
-        <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-          Make sure that your system is only accessible (physically) by trusted
-          people. Fully hardening your system, only to have a malicious person
-          take out the harddisk and run away with your confidential data is not
-          something you want to experience.
-          <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-          <h:br xmlns:h="http://www.w3.org/1999/xhtml"/>
-          When physical security cannot be guaranteed (like with laptops), make
-          sure that theft of the device only results in the loss of the hardware
-          and not of the data and software on it (backups), and also that the
-          data on it cannot be read by unauthorized people. We will come back on
-          disk encryption later.
-        </description>
-        <reference href="http://www.sans.org/reading_room/whitepapers/awareness/data-center-physical-security-checklist_416">Data
-        Center Physical Security Checklist (SANS, PDF)</reference>
-      </Group>
-      <Group id="xccdf_org.gentoo.dev.swift_group_preinstallation-nonsoftware-policies">
-        <title>Policies and Contractual Agreements</title>
-        <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-          Create or validate the security policies in your organization. This is
-          not only as a stick (against internal people who might want to abuse
-          their powers) but also to document and describe why certain decisions
-          are made (both architecturally as otherwise).
-        </description>
-        <reference href="http://www.sans.org/reading_room/whitepapers/policyissues/technical-writing-security-policies-easy-steps_492">Technical
-        Writing for IT Security Policies in Five Easy Steps (SANS,
-        PDF)</reference>
-        <reference href="https://www.sans.org/security-resources/policies/">Information
-        Security Policy Templates (SANS)</reference>
-      </Group>
-    </Group>
-  </Group>
-  <Group id="xccdf_org.gentoo.dev.swift_group_installation">
-    <title>Installation Configuration</title>
-    <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-      Let's focus now on the OS hardening. Gentoo Linux allows you to update the
-      system as you want after installation, but it might be interesting to
-      consider the following aspects during installation if you do not want a
-      huge migration project later.
-    </description>
-    <Group id="xccdf_org.gentoo.dev.swift_group_installation-storage">
-      <title>Storage Configuration</title>
-      <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-        Your storage is of utmost importance in any environment. It needs to be
-        sufficiently fast, not to jeopardize performance, but also secure and
-        manageable yet still remain flexible to handle future changes.
-      </description>
-      <Group id="xccdf_org.gentoo.dev.swift_group_installation-storage-partitioning">
-        <title>Partitioning</title>
-        <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-          Know which locations in your file system structure you want on a
-          different partition or logical volume. Separate locations allow for a
-          more distinct segregation (for instance, hard links between different
-          file systems) and low-level protection (file system corruption impact,
-          but also putting the right data on the right storage media).
-        </description>
-        <reference href="http://www.pathname.com/fhs/">Filesystem Hierarchy
-        Standard</reference>
-        <Group id="xccdf_org.gentoo.dev.swift_group_installation-storage-partitioning-home">
-          <title>/home Location</title>
-          <description xmlns:xhtml="http://www.w3.org/1999/xhtml">
-            The <h:code xmlns:h="http://www.w3.org/1999/xhtml">/home</h:code> location should be on its own partition,
-            allowing the administrator to mount this location with specific
-            options targetting the file systems' security settings or quota.
-          </description>
-          <Rule id="xccdf_org.gentoo.dev.swift_rule_partition-home" selected="true">
-            <title>Test if /home is a separate partition</title>
-            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-              <check-content-ref name="oval:org.gentoo.dev.swift:def:2" href="gentoo-oval.xml"/>
-            </check>
-          </Rule>
-        </Group>
-      </Group>
-    </Group>
-  </Group>
-  <TestResult id="xccdf_org.open-scap_testresult_default-profile" start-time="2013-09-17T20:24:00" end-time="2013-09-17T20:24:00">
-    <title>OSCAP Scan Result</title>
-    <identity authenticated="false" privileged="false">swift</identity>
-    <target>hpl</target>
-    <target-address>127.0.0.1</target-address>
-    <target-address>192.168.1.3</target-address>
-    <target-address>192.168.100.1</target-address>
-    <target-address>::1</target-address>
-    <target-address>fe80::f27b:cbff:fe0f:5a3b</target-address>
-    <target-address>2001:db8:81:e2:0:26b5:365b:5072</target-address>
-    <target-address>fe80::2045:eaff:fe47:e569</target-address>
-    <target-facts>
-      <fact name="urn:xccdf:fact:scanner:name" type="string">OpenSCAP</fact>
-      <fact name="urn:xccdf:fact:scanner:version" type="string">0.9.8</fact>
-      <fact name="urn:xccdf:fact:ethernet:MAC" type="string">00:00:00:00:00:00</fact>
-      <fact name="urn:xccdf:fact:ethernet:MAC" type="string">F0:7B:CB:0F:5A:3B</fact>
-      <fact name="urn:xccdf:fact:ethernet:MAC" type="string">22:45:EA:47:E5:69</fact>
-      <fact name="urn:xccdf:fact:ethernet:MAC" type="string">00:00:00:00:00:00</fact>
-      <fact name="urn:xccdf:fact:ethernet:MAC" type="string">F0:7B:CB:0F:5A:3B</fact>
-      <fact name="urn:xccdf:fact:ethernet:MAC" type="string">22:45:EA:47:E5:69</fact>
-      <fact name="urn:xccdf:fact:ethernet:MAC" type="string">22:45:EA:47:E5:69</fact>
-    </target-facts>
-    <rule-result idref="xccdf_org.gentoo.dev.swift_rule_partition-home" time="2013-09-17T20:24:00" weight="1.000000">
-      <result>pass</result>
-      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
-        <check-content-ref name="oval:org.gentoo.dev.swift:def:2" href="gentoo-oval.xml"/>
-      </check>
-    </rule-result>
-    <score system="urn:xccdf:scoring:default" maximum="100.000000">100.000000</score>
-  </TestResult>
-</Benchmark>