Evgeny Kolesnikov
Evgeny Kolesnikov
Also worth trying: `xmlsec1 --verify --enabled-key-data rsa --enabled-key-data key-value --id-attr component --id-attr data-stream simple_ds_valid_sign.xml`
Aha, so it is https://github.com/lsh123/xmlsec/pull/724. Thanks!
Note to myself: we need to use `keyInfoCtx->enabledKeyData` in order to enable this feature.
Also note to myself: https://groups.google.com/a/list.nist.gov/g/scap-dev/c/XugR6yvBws8
Why not just `platform: package[openssh-server]
See: `linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml`
Ping @0intro.
Great! Thank you!
The rule no longer tries to use DBus serivce(s): ``` Remediating rule 369/495: 'xccdf_org.ssgproject.content_rule_firewalld_sshd_port_enabled' Not applicable in offline mode. Remediation aborted! ```
The rule is **not remediated**, but for Image Builder (`osbuild`) it is actually redundant as `osbuild` makes sure that `ssh` is accessible if the service is installed and active.