When will OpenSCAP 1.2.9 be available here? https://fedorahosted.org/releases/o/p/openscap/
________________________________________ From: [email protected] <[email protected]> on behalf of [email protected] <[email protected]> Sent: Friday, April 22, 2016 9:31 PM To: [email protected] Subject: Open-scap-list Digest, Vol 85, Issue 24 Send Open-scap-list mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit https://www.redhat.com/mailman/listinfo/open-scap-list or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Open-scap-list digest..." Today's Topics: 1. oscap-ssh based remediation killing remote server (Fen Labalme) 2. OpenSCAP 1.2.9 (Jan Cerny) ---------------------------------------------------------------------- Message: 1 Date: Thu, 21 Apr 2016 18:14:04 -0400 From: Fen Labalme <[email protected]> To: open-scap-list <[email protected]> Subject: [Open-scap] oscap-ssh based remediation killing remote server Message-ID: <CAL4fX-+JrtyuQ0vPn=CKTLCw9ANL24GLCb7y=i2farra3ka...@mail.gmail.com> Content-Type: text/plain; charset="utf-8" Hi, I'm running oscap-ssh on CentOS 7 using oscap-user and the `sudo` option. Running a scan on a remote server works great (thank you!): oscap-ssh sudo [email protected] 22 xccdf eval --profile > xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream > --results-arf scans/results-arf.xml --results scans/results.xml --report > scans/results.html scap/ssg-centos7-ds.xml Then I run a remediation with the line: oscap-ssh sudo [email protected] 22 xccdf eval --remediate > --profile xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream > --results scans/remediation-results.xml --fetch-remote-resources > scap/ssg-centos7-ds.xml This completely kills access to the server at 192.168.56.102 (via host or dashboard). Am I calling remediation incorrectly? Has anyone else seen anything like this? No obvious errors are reported. Suggestions on how to debug what step might be killing the server are welcome. Note that it doesn't die until the SSJ connection is closed, e.g. after: Shared connection to 192.168.56.102 closed. > oscap exit code: 2 > Copying back requested files... > results.xml 100% > 1889KB 1.9MB/s 00:00 > Removing remote temporary directory... > Disconnecting ssh and removing master ssh socket directory... > Exit request sent. The exact steps I'm using are captured in a completely self-contained ansible role test setup (that uses vagrant) documented - shpuld you want to recreate my process - at https://github.com/openprivacy/ansible-role-govready/blob/master/tests/README.md Thanks, =Fen -- Fen Labalme, CISO at CivicActions.com Security | Quality | DevOps mobile: 412-996-4113 github/skype/twitter: openprivacy -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://www.redhat.com/archives/open-scap-list/attachments/20160421/df8331a3/attachment.html> ------------------------------ Message: 2 Date: Fri, 22 Apr 2016 09:31:48 -0400 (EDT) From: Jan Cerny <[email protected]> To: [email protected] Subject: [Open-scap] OpenSCAP 1.2.9 Message-ID: <[email protected]> Content-Type: text/plain; charset=utf-8 Hello OpenSCAPers, We are thrilled to announce general availability of OpenSCAP 1.2.9 release. This is the latest release from maint-1.2 maintenance branch. API/ABI is fully compatible with 1.2.0 release. Users of 1.2.x releases are recommended to update. Changes: - New features - oscap-chroot - a tool for offline scanning of filesystems mounted at arbitrary paths - enabled offline scanning in many probes - support for SCE in data streams - many improvements of verbose mode - verbose messages can be written on stderr - runlevel probe supports SUSE systems - new upstream tests - Maintenance - a lot of refactoring - fixes in various tests - OCILs are correctly placed in datastreams (issue #364) - oscap-vm can work with fusermount when guestunmount is not available - fixed oscap-docker HTTP communication issues (issue #304) - fixed oscap-docker tracebacks (issue #303, #317) - fixed container mounting in oscap-docker (issue #329) - added Fedora 25 CPE - only non-empty profiles are built (rhbz#1256879, rhbz#1302230) - fixed compiler errors on RHEL5 and SLES11 - fixed sorting of groups in HTML report (issue #342) - fixed version/@time and version/@update in XCCDF Benchmark - fixed CPE definitions to work also in offline mode - fixed sysctl probe (issue #258) - fixed manual page for oscap-ssh (rhbz#1299969) - updated user manuals and manual pages - updated .gitignore Special thanks to our new contributors Gautam Satish, Marek Haicman, Mooli Tayer and Quey-Liang Kao. Download: https://github.com/OpenSCAP/openscap/releases/download/1.2.9/openscap-1.2.9.tar.gz SHA512: 1a55b466c3acdea9423bff8d2662ff236b7edcbb88c04de23cb40ff7ba9536847aaed9495ab8b3904b9eac981c8a018d0f253769a848e7ccfd8ecb2aedc99e0f Audit, Fix, And Be Merry! -- Jan ?ern? Security Technologies, Red Hat, Inc. on behalf of OpenSCAP contributors ------------------------------ _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list End of Open-scap-list Digest, Vol 85, Issue 24 ********************************************** _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
