diff --git a/openscap.changes b/openscap.changes
index f0584fc..bb896b2 100644
--- a/openscap.changes
+++ b/openscap.changes
@@ -12,6 +12,12 @@ Wed Aug  1 09:43:28 UTC 2012 - meissner@suse.com
   - results are validated only if an OSCAP_FULL_VALIDATION variable is set
   - bug fixes
 
+-------------------------------------------------------------------
+Wed Aug  1 09:18:06 UTC 2012 - dmacvicar@suse.de
+
+- add OVAL/XCCDF content based on yast2-security checks
+  and set them as the default content (using symlinks)
+
 -------------------------------------------------------------------
 Sat Jul 28 14:24:46 UTC 2012 - aj@suse.de
 
diff --git a/openscap.spec b/openscap.spec
index 7265f16..77d1cff 100644
--- a/openscap.spec
+++ b/openscap.spec
@@ -25,6 +25,12 @@ Release:        1.0
 Source:         http://www.open-scap.org/download/%name-%version.tar.gz
 Source1:        oscap-scan.init
 Source2:        sysconfig.oscap-scan
+# SUSE specific profile, based on yast2-security
+# checks.
+# Generated from http://gitorious.org/test-suite/scap
+Source3:        scap-yast2sec-xccdf.xml
+Source4:        scap-yast2sec-oval.xml
+#
 Url:            http://www.open-scap.org/
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  libacl-devel
@@ -160,9 +166,12 @@ install -d -m 755 $RPM_BUILD_ROOT%{_initrddir}
 install -p -m 755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/oscap-scan
 install -m 644 %{SOURCE2} $RPM_BUILD_ROOT/var/adm/fillup-templates
 
+install -m 644 %{SOURCE3}  $RPM_BUILD_ROOT/%{_datadir}/openscap
+install -m 644 %{SOURCE4}  $RPM_BUILD_ROOT/%{_datadir}/openscap
+
 # create symlinks to default content
-ln -s  %{_datadir}/openscap/scap-fedora14-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml
-ln -s  %{_datadir}/openscap/scap-fedora14-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml
+ln -s  %{_datadir}/openscap/scap-yast2sec-oval.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-oval.xml
+ln -s  %{_datadir}/openscap/scap-yast2sec-xccdf.xml $RPM_BUILD_ROOT/%{_datadir}/openscap/scap-xccdf.xml
 
 %post -n libopenscap%{soname} -p /sbin/ldconfig
 
diff --git a/scap-yast2sec-oval.xml b/scap-yast2sec-oval.xml
new file mode 100644
index 0000000..81446ff
--- /dev/null
+++ b/scap-yast2sec-oval.xml
@@ -0,0 +1,577 @@
+<?xml version="1.0"?>
+<oval_definitions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
+ xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
+ xmlns:ind-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent"
+ xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
+ xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
+  <generator>
+    <oval:product_name>vim</oval:product_name>
+    <oval:schema_version>5.9</oval:schema_version>
+    <oval:timestamp>2011-10-31T12:00:00-04:00</oval:timestamp>
+  </generator>
+
+<definitions>
+<!-- @@GENOVAL START DEFINITIONS -->
+<definition class="compliance" id="oval:de.suse.suse121:def:2" version="1">
+  <metadata>
+    <title>sysctl net.ipv4.ip_forward must be 0</title>
+    <description>sysctl net.ipv4.ip_forward must be 0</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:2" comment="sysctl net.ipv4.ip_forward must be 0" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:3" version="1">
+  <metadata>
+    <title>sysctl net.ipv4.tcp_syncookies must be 1</title>
+    <description>sysctl net.ipv4.tcp_syncookies must be 1</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:3" comment="sysctl net.ipv4.tcp_syncookies must be 1" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:4" version="1">
+  <metadata>
+    <title>sysctl net.ipv6.conf.all.forwarding must be 0</title>
+    <description>sysctl net.ipv6.conf.all.forwarding must be 0</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:4" comment="sysctl net.ipv6.conf.all.forwarding must be 0" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:5" version="1">
+  <metadata>
+    <title>sysctl net.ipv6.conf.default.forwarding must be 0</title>
+    <description>sysctl net.ipv6.conf.default.forwarding must be 0</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:5" comment="sysctl net.ipv6.conf.default.forwarding must be 0" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:6" version="1">
+  <metadata>
+    <title>kernel config CONFIG_SYN_COOKIES must be y</title>
+    <description>kernel config CONFIG_SYN_COOKIES must be y</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:6" comment="kernel config CONFIG_SYN_COOKIES must be y" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:9" version="1">
+  <metadata>
+    <title>file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999</title>
+    <description>file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:9" comment="file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:10" version="1">
+  <metadata>
+    <title>file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0</title>
+    <description>file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:10" comment="file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:11" version="1">
+  <metadata>
+    <title>file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7</title>
+    <description>file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:11" comment="file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:12" version="1">
+  <metadata>
+    <title>file /etc/pam.d/common-password must have a line that matches minlen=6</title>
+    <description>file /etc/pam.d/common-password must have a line that matches minlen=6</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:12" comment="file /etc/pam.d/common-password must have a line that matches minlen=6" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:13" version="1">
+  <metadata>
+    <title>file /etc/pam.d/common-password must have a line that matches remember=</title>
+    <description>file /etc/pam.d/common-password must have a line that matches remember=</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:13" comment="file /etc/pam.d/common-password must have a line that matches remember=" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:16" version="1">
+  <metadata>
+    <title>file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0</title>
+    <description>file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:16" comment="file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:17" version="1">
+  <metadata>
+    <title>file /etc/login.defs must have a line that matches ^FAIL_DELAY</title>
+    <description>file /etc/login.defs must have a line that matches ^FAIL_DELAY</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:17" comment="file /etc/login.defs must have a line that matches ^FAIL_DELAY" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:18" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no</title>
+    <description>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:18" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:19" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</title>
+    <description>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:19" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:22" version="1">
+  <metadata>
+    <title>file /etc/login.defs must have a line that matches ^UID_MIN.*1000</title>
+    <description>file /etc/login.defs must have a line that matches ^UID_MIN.*1000</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:22" comment="file /etc/login.defs must have a line that matches ^UID_MIN.*1000" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:23" version="1">
+  <metadata>
+    <title>file /etc/login.defs must have a line that matches ^UID_MAX.*60000</title>
+    <description>file /etc/login.defs must have a line that matches ^UID_MAX.*60000</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:23" comment="file /etc/login.defs must have a line that matches ^UID_MAX.*60000" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:24" version="1">
+  <metadata>
+    <title>file /etc/login.defs must have a line that matches ^GID_MIN.*1000</title>
+    <description>file /etc/login.defs must have a line that matches ^GID_MIN.*1000</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:24" comment="file /etc/login.defs must have a line that matches ^GID_MIN.*1000" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:25" version="1">
+  <metadata>
+    <title>file /etc/login.defs must have a line that matches ^GID_MAX.*60000</title>
+    <description>file /etc/login.defs must have a line that matches ^GID_MAX.*60000</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:25" comment="file /etc/login.defs must have a line that matches ^GID_MAX.*60000" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:29" version="1">
+  <metadata>
+    <title>sysctl kernel.sysrq must be 0</title>
+    <description>sysctl kernel.sysrq must be 0</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:29" comment="sysctl kernel.sysrq must be 0" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:30" version="1">
+  <metadata>
+    <title>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5</title>
+    <description>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:30" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:31" version="1">
+  <metadata>
+    <title>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des</title>
+    <description>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:31" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:32" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set</title>
+    <description>file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:32" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:33" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes</title>
+    <description>file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:33" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:38" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes</title>
+    <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:38" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:39" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd</title>
+    <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:39" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:40" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes</title>
+    <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:40" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:41" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd</title>
+    <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:41" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:42" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes</title>
+    <description>file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:42" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes" />
+  </criteria>
+</definition>
+<definition class="compliance" id="oval:de.suse.suse121:def:43" version="1">
+  <metadata>
+    <title>file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes</title>
+    <description>file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes</description>
+  </metadata>
+  <criteria>
+    <criterion test_ref="oval:de.suse.suse121:tst:43" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes" />
+  </criteria>
+</definition>
+<!-- @@GENOVAL END DEFINITIONS -->
+</definitions>
+
+<tests>
+<!-- @@GENOVAL START TESTS -->
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:2" version="1" check="at least one" comment="sysctl net.ipv4.ip_forward must be 0" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:1" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:1" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:3" version="1" check="at least one" comment="sysctl net.ipv4.tcp_syncookies must be 1" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:2" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:2" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:4" version="1" check="at least one" comment="sysctl net.ipv6.conf.all.forwarding must be 0" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:4" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:1" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:5" version="1" check="at least one" comment="sysctl net.ipv6.conf.default.forwarding must be 0" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:5" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:1" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:6" version="1" check="at least one" comment="kernel config CONFIG_SYN_COOKIES must be y" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:3" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:3" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:9" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:4" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:10" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:5" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:11" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:6" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:12" version="1" check="at least one" comment="file /etc/pam.d/common-password must have a line that matches minlen=6" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:10" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:17" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:13" version="1" check="at least one" comment="file /etc/pam.d/common-password must have a line that matches remember=" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:10" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:18" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:16" version="1" check="none satisfy" comment="file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:9" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:17" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^FAIL_DELAY" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:10" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:18" version="1" check="at least one" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:12" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:23" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:19" version="1" check="at least one" comment="file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:12" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:24" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:22" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^UID_MIN.*1000" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:11" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:23" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^UID_MAX.*60000" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:12" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:24" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^GID_MIN.*1000" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:13" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:25" version="1" check="at least one" comment="file /etc/login.defs must have a line that matches ^GID_MAX.*60000" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:7" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:14" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:29" version="1" check="at least one" comment="sysctl kernel.sysrq must be 0" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:6" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:1" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:30" version="1" check="none satisfy" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:9" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:15" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:31" version="1" check="none satisfy" comment="file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:9" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:16" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:32" version="1" check="at least one" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:13" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:25" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:33" version="1" check="at least one" comment="file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:13" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:26" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:38" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:11" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:19" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:39" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:11" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:20" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:40" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:11" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:21" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:41" version="1" check="at least one" comment="file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:11" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:22" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:42" version="1" check="at least one" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:14" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:27" />
+</ind-def:textfilecontent54_test>
+<ind-def:textfilecontent54_test id="oval:de.suse.suse121:tst:43" version="1" check="at least one" comment="file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes" check_existence="at_least_one_exists">
+  <ind-def:object object_ref="oval:de.suse.suse121:obj:14" />
+  <ind-def:state state_ref="oval:de.suse.suse121:ste:28" />
+</ind-def:textfilecontent54_test>
+<!-- @@GENOVAL END TESTS -->
+</tests>
+
+<objects>
+<!-- @@GENOVAL START OBJECTS -->
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:1" version="1" comment="Non-comment lines in /proc/sys/net/ipv4/ip_forward">
+  <ind-def:filepath>/proc/sys/net/ipv4/ip_forward</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:2" version="1" comment="Non-comment lines in /proc/sys/net/ipv4/tcp_syncookies">
+  <ind-def:filepath>/proc/sys/net/ipv4/tcp_syncookies</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:3" version="1" comment="Kernel configuration entry CONFIG_SYN_COOKIES">
+  <ind-def:filepath>/usr/src/linux/.config</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">(CONFIG_SYN_COOKIES.*)</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:4" version="1" comment="Non-comment lines in /proc/sys/net/ipv6/conf/all/forwarding">
+  <ind-def:filepath>/proc/sys/net/ipv6/conf/all/forwarding</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:5" version="1" comment="Non-comment lines in /proc/sys/net/ipv6/conf/default/forwarding">
+  <ind-def:filepath>/proc/sys/net/ipv6/conf/default/forwarding</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:6" version="1" comment="Non-comment lines in /proc/sys/kernel/sysrq">
+  <ind-def:filepath>/proc/sys/kernel/sysrq</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:7" version="1" comment="Non-comment lines in /etc/login.defs">
+  <ind-def:filepath>/etc/login.defs</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:8" version="1" comment="Non-comment lines in /etc/pam.d/common-passwd">
+  <ind-def:filepath>/etc/pam.d/common-passwd</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:9" version="1" comment="Non-comment lines in /etc/default/passwd">
+  <ind-def:filepath>/etc/default/passwd</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:10" version="1" comment="Non-comment lines in /etc/pam.d/common-password">
+  <ind-def:filepath>/etc/pam.d/common-password</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:11" version="1" comment="Non-comment lines in /etc/sysconfig/dhcpd">
+  <ind-def:filepath>/etc/sysconfig/dhcpd</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:12" version="1" comment="Non-comment lines in /etc/sysconfig/displaymanager">
+  <ind-def:filepath>/etc/sysconfig/displaymanager</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:13" version="1" comment="Non-comment lines in /etc/sysconfig/security">
+  <ind-def:filepath>/etc/sysconfig/security</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<ind-def:textfilecontent54_object id="oval:de.suse.suse121:obj:14" version="1" comment="Non-comment lines in /etc/sysconfig/services">
+  <ind-def:filepath>/etc/sysconfig/services</ind-def:filepath>
+  <ind-def:pattern operation="pattern match">^[[:space:]]*([^#[:space:]].*[^[:space:]]?)[[:space:]]*$</ind-def:pattern>
+  <ind-def:instance datatype="int" operation="greater than or equal">1</ind-def:instance>
+</ind-def:textfilecontent54_object>
+<!-- @@GENOVAL END OBJECTS -->
+</objects>
+
+<states>
+<!-- @@GENOVAL START STATES -->
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:1" version="1" comment="The match of 0">
+  <ind-def:subexpression operation="pattern match">0</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:2" version="1" comment="The match of 1">
+  <ind-def:subexpression operation="pattern match">1</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:3" version="1" comment="The match of CONFIG_SYN_COOKIES=y">
+  <ind-def:subexpression operation="pattern match">CONFIG_SYN_COOKIES=y</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:4" version="1" comment="The match of ^PASS_MAX_DAYS.*99999">
+  <ind-def:subexpression operation="pattern match">^PASS_MAX_DAYS.*99999</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:5" version="1" comment="The match of ^PASS_MIN_DAYS.*0">
+  <ind-def:subexpression operation="pattern match">^PASS_MIN_DAYS.*0</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:6" version="1" comment="The match of ^PASS_WARN_AGE.*7">
+  <ind-def:subexpression operation="pattern match">^PASS_WARN_AGE.*7</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:7" version="1" comment="The match of ^minlen=6">
+  <ind-def:subexpression operation="pattern match">^minlen=6</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:8" version="1" comment="The match of ^remember=">
+  <ind-def:subexpression operation="pattern match">^remember=</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:9" version="1" comment="The match of ^FAIL_DELAY.*0">
+  <ind-def:subexpression operation="pattern match">^FAIL_DELAY.*0</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:10" version="1" comment="The match of ^FAIL_DELAY">
+  <ind-def:subexpression operation="pattern match">^FAIL_DELAY</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:11" version="1" comment="The match of ^UID_MIN.*1000">
+  <ind-def:subexpression operation="pattern match">^UID_MIN.*1000</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:12" version="1" comment="The match of ^UID_MAX.*60000">
+  <ind-def:subexpression operation="pattern match">^UID_MAX.*60000</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:13" version="1" comment="The match of ^GID_MIN.*1000">
+  <ind-def:subexpression operation="pattern match">^GID_MIN.*1000</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:14" version="1" comment="The match of ^GID_MAX.*60000">
+  <ind-def:subexpression operation="pattern match">^GID_MAX.*60000</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:15" version="1" comment="The match of ^CRYPT_FILES=md5">
+  <ind-def:subexpression operation="pattern match">^CRYPT_FILES=md5</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:16" version="1" comment="The match of ^CRYPT_FILES=des">
+  <ind-def:subexpression operation="pattern match">^CRYPT_FILES=des</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:17" version="1" comment="The match of minlen=6">
+  <ind-def:subexpression operation="pattern match">minlen=6</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:18" version="1" comment="The match of remember=">
+  <ind-def:subexpression operation="pattern match">remember=</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:19" version="1" comment="The match of ^DHCPD_RUN_CHROOTED.*yes">
+  <ind-def:subexpression operation="pattern match">^DHCPD_RUN_CHROOTED.*yes</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:20" version="1" comment="The match of ^DHCPD_RUN_AS.*dhcpd">
+  <ind-def:subexpression operation="pattern match">^DHCPD_RUN_AS.*dhcpd</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:21" version="1" comment="The match of ^DHCPD6_RUN_CHROOTED.*yes">
+  <ind-def:subexpression operation="pattern match">^DHCPD6_RUN_CHROOTED.*yes</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:22" version="1" comment="The match of ^DHCPD6_RUN_AS.*dhcpd">
+  <ind-def:subexpression operation="pattern match">^DHCPD6_RUN_AS.*dhcpd</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:23" version="1" comment="The match of ^DISPLAYMANAGER_REMOTE_ACCESS.*no">
+  <ind-def:subexpression operation="pattern match">^DISPLAYMANAGER_REMOTE_ACCESS.*no</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:24" version="1" comment="The match of ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no">
+  <ind-def:subexpression operation="pattern match">^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:25" version="1" comment="The match of ^CHECK_PERMISSIONS.*set">
+  <ind-def:subexpression operation="pattern match">^CHECK_PERMISSIONS.*set</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:26" version="1" comment="The match of ^CHECK_SIGNATURES.*yes">
+  <ind-def:subexpression operation="pattern match">^CHECK_SIGNATURES.*yes</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:27" version="1" comment="The match of ^DISABLE_RESTART_ON_UPDATE.*yes">
+  <ind-def:subexpression operation="pattern match">^DISABLE_RESTART_ON_UPDATE.*yes</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<ind-def:textfilecontent54_state id="oval:de.suse.suse121:ste:28" version="1" comment="The match of ^DISABLE_STOP_ON_REMOVAL.*yes">
+  <ind-def:subexpression operation="pattern match">^DISABLE_STOP_ON_REMOVAL.*yes</ind-def:subexpression>
+</ind-def:textfilecontent54_state>
+<!-- @@GENOVAL END STATES -->
+</states>
+
+<!--
+<variables>
+-->
+<!-- @@GENOVAL START VARIABLES -->
+<!-- @@GENOVAL END VARIABLES -->
+<!--
+<local_variable id="oval:de.suse.suse121.genoval:var:1" version="1" datatype="string" comment="Location where the helper scripts output is stored">
+  <object_component item_field="value" object_ref="oval:de.suse.suse121.genoval:obj:1"/>
+</local_variable>
+</variables>
+-->
+</oval_definitions>
diff --git a/scap-yast2sec-xccdf.xml b/scap-yast2sec-xccdf.xml
new file mode 100644
index 0000000..be4c10e
--- /dev/null
+++ b/scap-yast2sec-xccdf.xml
@@ -0,0 +1,320 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:h="http://www.w3.org/1999/xhtml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="SUSE-Security-Benchmark-YaST2" xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.1 xccdf-1.1.4.xsd" resolved="0">
+  <status date="2012-07-24">draft</status>
+  <title>Hardening Linux Kernel</title>
+  <description>
+    The Linux kernel is at the heart of every Linux system. With its extensive configuration
+    options, it comes to no surprise that specific settings can be enabled to further harden
+    your system.
+    <h:br />
+    <h:br />
+    In this guide, we focus on Linux kernel configuration entries that support additional
+    hardening of your system, as well as the configuration through the <h:em>syctl</h:em>
+    settings.
+  </description>
+  <platform idref="cpe:/o:suse:linux"/>
+  <version>1</version>
+  <model system="urn:xccdf:scoring:default"/>
+  <model system="urn:xccdf:scoring:flat"/>
+  <Profile id="Default">
+    <title>Default vanilla kernel hardening</title>
+    <description>
+      Profile matching all standard (vanilla-kernel) hardening rules
+    </description>
+	<select idref="rule-sysctl-ipv4-forward" selected="true" /> 
+	<select idref="rule-sysctl-ipv4-tcpsyncookies" selected="true" /> 
+	<select idref="rule-sysctl-ipv6-all-forward" selected="true" /> 
+	<select idref="rule-sysctl-ipv6-default-forward" selected="true" /> 
+	<select idref="rule-kernel-syncookies" selected="true" /> 
+	<select idref="rule-pwd-maxdays" selected="true" /> 
+	<select idref="rule-pwd-mindays" selected="true" /> 
+	<select idref="rule-pwd-warnage" selected="true" /> 
+	<select idref="rule-pwd-minlen" selected="true" /> 
+	<select idref="rule-pwd-remember" selected="true" /> 
+	<select idref="rule-authc-faildelay" selected="true" /> 
+	<select idref="rule-authc-faildelayexist" selected="true" /> 
+	<select idref="rule-authc-xdmcp-remote" selected="true" /> 
+	<select idref="rule-authc-xdmcp-root" selected="true" /> 
+	<select idref="rule-usermgmt-uidmin" selected="true" /> 
+	<select idref="rule-usermgmt-uidmax" selected="true" /> 
+	<select idref="rule-usermgmt-gidmin" selected="true" /> 
+	<select idref="rule-usermgmt-gidmax" selected="true" /> 
+	<select idref="rule-misc-sysrq" selected="true" /> 
+	<select idref="rule-misc-hashalgo_md5" selected="true" /> 
+	<select idref="rule-misc-hashalgo_des" selected="true" /> 
+	<select idref="rule-misc-perm-check" selected="true" /> 
+	<select idref="rule-misc-sig-check" selected="true" /> 
+	<select idref="rule-srvc-dhcpd-chroot" selected="true" /> 
+	<select idref="rule-srvc-dhcpd-uid" selected="true" /> 
+	<select idref="rule-srvc-dhcpd6-chroot" selected="true" /> 
+	<select idref="rule-srvc-dhcpd6-uid" selected="true" /> 
+	<select idref="rule-srvc-update-restart" selected="true" /> 
+	<select idref="rule-srvc-remove-stop" selected="true" /> 
+  </Profile>
+	<!-- @@GEN START rule-sysctl-ipv4-forward --> 
+<Rule id="rule-sysctl-ipv4-forward" selected="false">
+  <title>sysctl net.ipv4.ip_forward must be 0</title>
+  <description>sysctl net.ipv4.ip_forward must be 0</description>
+  <fix>echo 0 &gt; /proc/sys/net/ipv4/ip_forward</fix>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:2" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-sysctl-ipv4-forward -->
+	<!-- @@GEN START rule-sysctl-ipv4-tcpsyncookies --> 
+<Rule id="rule-sysctl-ipv4-tcpsyncookies" selected="false">
+  <title>sysctl net.ipv4.tcp_syncookies must be 1</title>
+  <description>sysctl net.ipv4.tcp_syncookies must be 1</description>
+  <fix>echo 1 &gt; /proc/sys/net/ipv4/tcp_syncookies</fix>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:3" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-sysctl-ipv4-tcpsyncookies -->
+	<!-- @@GEN START rule-sysctl-ipv6-all-forward --> 
+<Rule id="rule-sysctl-ipv6-all-forward" selected="false">
+  <title>sysctl net.ipv6.conf.all.forwarding must be 0</title>
+  <description>sysctl net.ipv6.conf.all.forwarding must be 0</description>
+  <fix>echo 0 &gt; /proc/sys/net/ipv6/conf/all/forwarding</fix>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:4" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-sysctl-ipv6-all-forward -->
+	<!-- @@GEN START rule-sysctl-ipv6-default-forward --> 
+<Rule id="rule-sysctl-ipv6-default-forward" selected="false">
+  <title>sysctl net.ipv6.conf.default.forwarding must be 0</title>
+  <description>sysctl net.ipv6.conf.default.forwarding must be 0</description>
+  <fix>echo 0 &gt; /proc/sys/net/ipv6/conf/default/forwarding</fix>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:5" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-sysctl-ipv6-default-forward -->
+	<!-- @@GEN START rule-kernel-syncookies --> 
+<Rule id="rule-kernel-syncookies" selected="false">
+  <title>kernel config CONFIG_SYN_COOKIES must be y</title>
+  <description>kernel config CONFIG_SYN_COOKIES must be y</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:6" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-kernel-syncookies -->
+	<!-- @@GEN START rule-pwd-maxdays --> 
+<Rule id="rule-pwd-maxdays" selected="false">
+  <title>file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999</title>
+  <description>file /etc/login.defs must have a line that matches ^PASS_MAX_DAYS.*99999</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:9" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-pwd-maxdays -->
+	<!-- @@GEN START rule-pwd-mindays --> 
+<Rule id="rule-pwd-mindays" selected="false">
+  <title>file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0</title>
+  <description>file /etc/login.defs must have a line that matches ^PASS_MIN_DAYS.*0</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:10" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-pwd-mindays -->
+	<!-- @@GEN START rule-pwd-warnage --> 
+<Rule id="rule-pwd-warnage" selected="false">
+  <title>file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7</title>
+  <description>file /etc/login.defs must have a line that matches ^PASS_WARN_AGE.*7</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:11" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-pwd-warnage -->
+	<!-- @@GEN START rule-pwd-minlen --> 
+<Rule id="rule-pwd-minlen" selected="false">
+  <title>file /etc/pam.d/common-password must have a line that matches minlen=6</title>
+  <description>file /etc/pam.d/common-password must have a line that matches minlen=6</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:12" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-pwd-minlen -->
+	<!-- @@GEN START rule-pwd-remember --> 
+<Rule id="rule-pwd-remember" selected="false">
+  <title>file /etc/pam.d/common-password must have a line that matches remember=</title>
+  <description>file /etc/pam.d/common-password must have a line that matches remember=</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:13" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-pwd-remember -->
+	<!-- @@GEN START rule-authc-faildelay --> 
+<Rule id="rule-authc-faildelay" selected="false">
+  <title>file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0</title>
+  <description>file /etc/login.defs may not have a line that matches ^FAIL_DELAY.*0</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:16" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-authc-faildelay -->
+	<!-- @@GEN START rule-authc-faildelayexist --> 
+<Rule id="rule-authc-faildelayexist" selected="false">
+  <title>file /etc/login.defs must have a line that matches ^FAIL_DELAY</title>
+  <description>file /etc/login.defs must have a line that matches ^FAIL_DELAY</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:17" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-authc-faildelayexist -->
+	<!-- @@GEN START rule-authc-xdmcp-remote --> 
+<Rule id="rule-authc-xdmcp-remote" selected="false">
+  <title>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no</title>
+  <description>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_REMOTE_ACCESS.*no</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:18" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-authc-xdmcp-remote -->
+	<!-- @@GEN START rule-authc-xdmcp-root --> 
+<Rule id="rule-authc-xdmcp-root" selected="false">
+  <title>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</title>
+  <description>file /etc/sysconfig/displaymanager must have a line that matches ^DISPLAYMANAGER_ROOT_LOGIN_REMOTE.*no</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:19" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-authc-xdmcp-root -->
+	<!-- @@GEN START rule-usermgmt-uidmin --> 
+<Rule id="rule-usermgmt-uidmin" selected="false">
+  <title>file /etc/login.defs must have a line that matches ^UID_MIN.*1000</title>
+  <description>file /etc/login.defs must have a line that matches ^UID_MIN.*1000</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:22" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-usermgmt-uidmin -->
+	<!-- @@GEN START rule-usermgmt-uidmax --> 
+<Rule id="rule-usermgmt-uidmax" selected="false">
+  <title>file /etc/login.defs must have a line that matches ^UID_MAX.*60000</title>
+  <description>file /etc/login.defs must have a line that matches ^UID_MAX.*60000</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:23" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-usermgmt-uidmax -->
+	<!-- @@GEN START rule-usermgmt-gidmin --> 
+<Rule id="rule-usermgmt-gidmin" selected="false">
+  <title>file /etc/login.defs must have a line that matches ^GID_MIN.*1000</title>
+  <description>file /etc/login.defs must have a line that matches ^GID_MIN.*1000</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:24" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-usermgmt-gidmin -->
+	<!-- @@GEN START rule-usermgmt-gidmax --> 
+<Rule id="rule-usermgmt-gidmax" selected="false">
+  <title>file /etc/login.defs must have a line that matches ^GID_MAX.*60000</title>
+  <description>file /etc/login.defs must have a line that matches ^GID_MAX.*60000</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:25" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-usermgmt-gidmax -->
+	<!-- @@GEN START rule-misc-sysrq --> 
+<Rule id="rule-misc-sysrq" selected="false">
+  <title>sysctl kernel.sysrq must be 0</title>
+  <description>sysctl kernel.sysrq must be 0</description>
+  <fix>echo 0 &gt; /proc/sys/kernel/sysrq</fix>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:29" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-misc-sysrq -->
+	<!-- @@GEN START rule-misc-hashalgo_md5 --> 
+<Rule id="rule-misc-hashalgo_md5" selected="false">
+  <title>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5</title>
+  <description>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=md5</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:30" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-misc-hashalgo_md5 -->
+	<!-- @@GEN START rule-misc-hashalgo_des --> 
+<Rule id="rule-misc-hashalgo_des" selected="false">
+  <title>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des</title>
+  <description>file /etc/default/passwd may not have a line that matches ^CRYPT_FILES=des</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:31" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-misc-hashalgo_des -->
+	<!-- @@GEN START rule-misc-perm-check --> 
+<Rule id="rule-misc-perm-check" selected="false">
+  <title>file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set</title>
+  <description>file /etc/sysconfig/security must have a line that matches ^CHECK_PERMISSIONS.*set</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:32" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-misc-perm-check -->
+	<!-- @@GEN START rule-misc-sig-check --> 
+<Rule id="rule-misc-sig-check" selected="false">
+  <title>file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes</title>
+  <description>file /etc/sysconfig/security must have a line that matches ^CHECK_SIGNATURES.*yes</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:33" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-misc-sig-check -->
+	<!-- @@GEN START rule-srvc-dhcpd-chroot --> 
+<Rule id="rule-srvc-dhcpd-chroot" selected="false">
+  <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes</title>
+  <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_CHROOTED.*yes</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:38" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-srvc-dhcpd-chroot -->
+	<!-- @@GEN START rule-srvc-dhcpd-uid --> 
+<Rule id="rule-srvc-dhcpd-uid" selected="false">
+  <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd</title>
+  <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD_RUN_AS.*dhcpd</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:39" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-srvc-dhcpd-uid -->
+	<!-- @@GEN START rule-srvc-dhcpd6-chroot --> 
+<Rule id="rule-srvc-dhcpd6-chroot" selected="false">
+  <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes</title>
+  <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_CHROOTED.*yes</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:40" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-srvc-dhcpd6-chroot -->
+	<!-- @@GEN START rule-srvc-dhcpd6-uid --> 
+<Rule id="rule-srvc-dhcpd6-uid" selected="false">
+  <title>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd</title>
+  <description>file /etc/sysconfig/dhcpd must have a line that matches ^DHCPD6_RUN_AS.*dhcpd</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:41" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-srvc-dhcpd6-uid -->
+	<!-- @@GEN START rule-srvc-update-restart --> 
+<Rule id="rule-srvc-update-restart" selected="false">
+  <title>file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes</title>
+  <description>file /etc/sysconfig/services must have a line that matches ^DISABLE_RESTART_ON_UPDATE.*yes</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:42" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-srvc-update-restart -->
+	<!-- @@GEN START rule-srvc-remove-stop --> 
+<Rule id="rule-srvc-remove-stop" selected="false">
+  <title>file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes</title>
+  <description>file /etc/sysconfig/services must have a line that matches ^DISABLE_STOP_ON_REMOVAL.*yes</description>
+  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
+    <check-content-ref name="oval:de.suse.suse121:def:43" href="scap-yast2sec-oval.xml" />
+  </check>
+</Rule>
+	<!-- @@GEN END rule-srvc-remove-stop -->
+</Benchmark>
