Hi, I'm running oscap-ssh on CentOS 7 using oscap-user and the `sudo` option. Running a scan on a remote server works great (thank you!):
oscap-ssh sudo [email protected] 22 xccdf eval --profile > xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream > --results-arf scans/results-arf.xml --results scans/results.xml --report > scans/results.html scap/ssg-centos7-ds.xml Then I run a remediation with the line: oscap-ssh sudo [email protected] 22 xccdf eval --remediate > --profile xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream > --results scans/remediation-results.xml --fetch-remote-resources > scap/ssg-centos7-ds.xml This completely kills access to the server at 192.168.56.102 (via host or dashboard). Am I calling remediation incorrectly? Has anyone else seen anything like this? No obvious errors are reported. Suggestions on how to debug what step might be killing the server are welcome. Note that it doesn't die until the SSJ connection is closed, e.g. after: Shared connection to 192.168.56.102 closed. > oscap exit code: 2 > Copying back requested files... > results.xml 100% > 1889KB 1.9MB/s 00:00 > Removing remote temporary directory... > Disconnecting ssh and removing master ssh socket directory... > Exit request sent. The exact steps I'm using are captured in a completely self-contained ansible role test setup (that uses vagrant) documented - shpuld you want to recreate my process - at https://github.com/openprivacy/ansible-role-govready/blob/master/tests/README.md Thanks, =Fen -- Fen Labalme, CISO at CivicActions.com Security | Quality | DevOps mobile: 412-996-4113 github/skype/twitter: openprivacy
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
