Hello Karin,
I took your file and run it through validation.
$ oscap oval validate --schematron /tmp/oval.xml
<?xml version="1.0"?>
oval:x:obj:30001 - The datatype for the ind:instance entity is 'int' but
the value is not an integer.
oval:x:obj:30002 - referenced variable
oval:fr.gouv.defense.dgsic:var:1354 not found. The var_ref entity must
hold a variable id that exists in the document.
The problem is that you specify instance to be an integer, however you
pass in a string. That string just happens to be a name of some other
object.
Try to use @var_ref attribute to reference variable instead. Something
along the lines of
<ind:instance
datatype="int"
operation="equals"
var_ref="oval:x:var:1344"
var_check="at least one"
/>
Then you can drop `oval:x:obj:30002` object from your source.
Usually, when debugging issues like this I use "--results-arf /tmp/x",
then I can review what bits propagated to which entities. Then I
meditate. Then I buy Red Bull Cola and meditate again.
Jan Černý is working on verbose mode of OpenSCAP. Verbose mode will make
meditation part obsolete. Jan makes good progress each month, and you
can try to use it.
http://www.jan-cerny.cz/2015/12/09/verbose-mode-in-openscap-1-2-7/
Best,
~š.
On 03/05/2016 06:43 PM, Karim BENZINA wrote:
Hi,
I'm trying to insert a variable as number of instance in 30001 object. I
need to check that the number of instance is equal to a local variable
that i provide but it does not work.
Could you help me to use a variable as a number of occurence of my
pattern match.
In my example, if i put 4 as below , it works (result is true)
<ind:instance datatype="int" operation="equals">4</ind:instance>
but it put the variable which has a value of 4, it does not work(result
is false).
<ind:instance datatype="int"
operation="equals">oval:x:obj:30002</ind:instance>
Thank you in advance for your help.
Please find below my oval script.
<definitions>
<definition id="oval:x:def:10001" version="1" class="compliance">
<metadata>
<title>1.2.2 Enable the Log Config Module</title>
<affected family="unix">
<platform>Linux CentOS</platform>
</affected>
<reference source="Linux" ref_id="Linux" />
<description>The log_config module provides for flexible logging of
client requests, and provides for the configuration of the information
in each log. </description>
</metadata>
<criteria operator="AND" comment="test">
<criterion comment="Check Module in httpd.conf"
test_ref="oval:x:tst:20001"/>
</criteria>
</definition>
</definitions>
<tests>
<ind:textfilecontent54_test comment="test" check="all"
id="oval:x:tst:20001" version="1">
<ind:object object_ref="oval:x:obj:30001"/>
</ind:textfilecontent54_test>
</tests>
<objects>
<ind:textfilecontent54_object id="oval:x:obj:30001" version="1">
<ind:behaviors/>
<ind:filepath operation="pattern
match">/home/benzina/test/test1</ind:filepath>
<ind:pattern operation="pattern
match"><VirtualHost\s\*:80>\n((?!ErrorLog).*\n*)*ErrorLog\n*((?!ErrorLog).\n*)*<\/VirtualHost></ind:pattern>
<ind:instance datatype="int"
operation="equals">oval:x:obj:30002</ind:instance>
</ind:textfilecontent54_object>
<ind:variable_object id="oval:x:obj:30002" version="1">
<ind:var_ref>oval:fr.gouv.defense.dgsic:var:1354</ind:var_ref>
</ind:variable_object>
</objects>
<variables>
<constant_variable id="oval:x:var:1344" comment="constant variable
of 4" datatype="int" version="1">
<value>4</value>
</constant_variable>
</variables>
</oval_definitions>
Regards,
--
~š.
_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list
