Hi Shawn,

If you see all the rules with notapplicable results, it's because we started supporting CPE applicability processing.

I see this in the content:
<platform idref="cpe:/o:redhat:enterprise_linux:6"/>

<platform idref="cpe:/o:redhat:enterprise_linux:6::client"/>


Please use the "--cpe-dict" option. I have just found out that it's missing from the man page. Well, I need to kick someone. :)

--cpe-dict ssg-rhel6-cpe-dictionary.xml

should work for you if you are on RHEL6 system.

If for some reason you don't want the CPE applicability check, you need to remove the <platform> elements from the content.



Peter.


On 11/01/2012 05:48 PM, Shawn Wells wrote:
On 11/1/12 12:42 PM, Shawn Wells wrote:
On 11/1/12 12:34 PM, Steve Grubb wrote:
On Thursday, November 01, 2012 05:31:00 PM Peter Vrabec wrote:
>why do you consider this an openscap bug? I suppose it's a bug in the
>content. The profile you want to evaluate references a nonexistent rule.
Well, the original poster was using 0.8 and I know bugs have been fixed since then. So, in troubleshooting the issue, it's a simple step to just update to the latest and see if it's still there or it's fixed. They said it's still there, so it's time to look deeper at the content.

Maybe git bisect is helpful if it is known to have worked sometime in the past.


There's a two part problem. Yes, some errors are caused by the bugs in
RHEL6 openscap (v0.8?). Specifically:
1 1871 In file 'xccdf-results.xml' on line 15992: Element
'{http://checklists.nist.gov/xccdf/1.1}ident': This element is not
expected.
Expected is ( {http://checklists.nist.gov/xccdf/1.1}result ).
1 1871 In file 'xccdf-results.xml' on line 15995: Element
'{http://checklists.nist.gov/xccdf/1.1}ident': This element is not
expected.
Expected is ( {http://checklists.nist.gov/xccdf/1.1}result ).

With that said, there are errors in the XCCDF content itself. Patches
coming soon.

Just sent out a few patches which clear up the errors; however, the
rules now all state "notapplicable"

....continuing to investigate. Thoughts/patches welcome!

$ oscap xccdf eval --profile stig-server RHEL6/output/ssg-rhel6-xccdf.xml
Title   Verify No netrc Files Exist
Rule    no_netrc_files
Ident   CCE-TODO
Result  notapplicable

Title   Create Warning Banners for All FTP Users
Rule    ftp_present_banner
Ident   CCE-4554-2
Result  notapplicable

_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
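
Added example (not part of the thread and not OpenSCAP or SSG code): a small Python check that lists where an XCCDF file declares <platform> elements and which of those CPE names have no entry in the dictionary passed via --cpe-dict. The sample XML is constructed, and the dictionary layout (cpe-item elements carrying a name attribute) is assumed to follow the CPE 2.0 dictionary format.

```python
import xml.etree.ElementTree as ET

# Constructed sample content, not the real SSG benchmark or dictionary.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="RHEL-6">
  <platform idref="cpe:/o:redhat:enterprise_linux:6"/>
  <platform idref="cpe:/o:redhat:enterprise_linux:6::client"/>
  <Rule id="no_netrc_files"><title>Verify No netrc Files Exist</title></Rule>
</Benchmark>"""

SAMPLE_DICT = """<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0">
  <cpe-item name="cpe:/o:redhat:enterprise_linux:6">
    <title>Red Hat Enterprise Linux 6</title>
  </cpe-item>
</cpe-list>"""


def local(tag):
    """Strip the '{namespace}' prefix so XCCDF 1.1 and 1.2 files both match."""
    return tag.rsplit("}", 1)[-1]


def platform_scopes(xccdf_xml):
    """Map each <platform idref> to the elements (Benchmark, Group, Rule) declaring it."""
    scopes = {}
    for parent in ET.fromstring(xccdf_xml).iter():
        for child in parent:
            if local(child.tag) == "platform" and child.get("idref"):
                owner = "%s:%s" % (local(parent.tag), parent.get("id", "?"))
                scopes.setdefault(child.get("idref"), []).append(owner)
    return scopes


def dictionary_names(cpe_xml):
    """Collect the CPE names the dictionary defines."""
    root = ET.fromstring(cpe_xml)
    return {e.get("name") for e in root.iter() if local(e.tag) == "cpe-item"}


def unresolved_platforms(xccdf_xml, cpe_xml):
    """Platforms referenced by the content but absent from the dictionary."""
    known = dictionary_names(cpe_xml)
    return sorted(p for p in platform_scopes(xccdf_xml) if p not in known)


if __name__ == "__main__":
    for cpe, owners in sorted(platform_scopes(SAMPLE_XCCDF).items()):
        print(cpe, "declared on", ", ".join(owners))
    print("missing from dictionary:", unresolved_platforms(SAMPLE_XCCDF, SAMPLE_DICT))
```

A platform declared on the Benchmark element applies to every rule in the file, so checking that scope first shows whether one declaration accounts for all the notapplicable results.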
