Hi Shawn,

In the first case you have a mistake: you are using OVAL content instead of XCCDF in oscap xccdf eval.

In the second case there is a known bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1387248
https://github.com/OpenSCAP/openscap/issues/475

When oscap returns exit code 2 the system isn't compliant with the given profile. However oscap-docker didn't handle the exit code correctly and reports an error. The bug is fixed in OpenSCAP 1.2.12.

Regards

Jan Černý
Security Technologies | Red Hat, Inc.

----- Original Message -----
> From: "Shawn Wells" <[email protected]>
> To: "open-scap-list" <[email protected]>
> Sent: Thursday, November 17, 2016 1:00:14 AM
> Subject: [Open-scap] oscap-docker: OVAL vs XCCDF eval
>
> Attempting to use oscap-docker on RHEL7 host, scanning RHEL7 containers.
> I can use the OVAL scanner but not XCCDF eval. Is this a known issue?
>
> e.g.
>
> > # oscap-docker container rhel7.0 oval eval \
> > --results oval-results.xml \
> > --report report.html \
> > /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml
> > ......
> > Definition oval:ssg-xwindows_runlevel_setting:def:1: true
> > Definition oval:ssg-wireless_disable_interfaces:def:1: true
> > Definition oval:ssg-var_umask_for_daemons_as_number:def:1: true
> > Definition oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1: unknown
> > Definition oval:ssg-var_accounts_user_umask_as_number:def:1: true
> > Definition oval:ssg-userowner_shadow_file:def:1: true
> > ......
>
> But if using an actual profile:
> > # oscap-docker container rhel7.0 xccdf eval \
> > --profile xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream \
> > --results xccdf-results.xml \
> > --report report.html \
> > /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml
> >
> > OpenSCAP Error: Session input file was determined but it isn't an
> > XCCDF file, a source datastream or an XCCDF tailoring file.
> > [xccdf_session.c:135]
> >
> > Command: oscap xccdf eval --profile
> > xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream
> > --results oval-results.xml --report report.html
> > /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml failed!
> >
> > Error was:
> >
> > Command '['oscap', 'xccdf', 'eval', '--profile',
> > 'xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream',
> > '--results', 'oval-results.xml', '--report', 'report.html',
> > '/usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml']' returned
> > non-zero exit status 1
>
> Also tried with XCCDF file, vs datastream:
> > > # oscap-docker container rhel7.0 xccdf eval \
> > > --profile stig-rhel7-server-upstream \
> > > --results xccdf-results.xml \
> > > --report report.html \
> > > /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
> > WARNING: Skipping
> > http://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2
> > file which is referenced from XCCDF content
> >
> > Command: oscap xccdf eval --profile stig-rhel7-server-upstream
> > --results xccdf-results.xml --report report.html
> > /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml failed!
> >
> > Error was:
> >
> > Command '['oscap', 'xccdf', 'eval', '--profile',
> > 'stig-rhel7-server-upstream', '--results', 'xccdf-results.xml',
> > '--report', 'report.html',
> > '/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml']' returned
> > non-zero exit status 2
>
> _______________________________________________
> Open-scap-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/open-scap-list
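
Added example, not part of the thread and not oscap-docker's own code: a wrapper that covers both cases from the reply, checking the input's root element before calling `oscap xccdf eval` and treating exit code 2 as a non-compliant result instead of a failure. The function names, the injectable `oscap` argument and the sample documents are assumptions made for illustration.

```python
import subprocess
import sys
import tempfile
import xml.etree.ElementTree as ET

# (namespace, root element) pairs that `oscap xccdf eval` accepts as input.
XCCDF_EVAL_ROOTS = {
    ("http://checklists.nist.gov/xccdf/1.1", "Benchmark"),
    ("http://checklists.nist.gov/xccdf/1.2", "Benchmark"),
    ("http://checklists.nist.gov/xccdf/1.2", "Tailoring"),
    ("http://scap.nist.gov/schema/scap/source/1.2", "data-stream-collection"),
}
# Constructed minimal documents standing in for real SSG content.
SAMPLE_OVAL = '<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"/>'
SAMPLE_XCCDF = '<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="constructed"/>'

def root_element(path):
    """Return (namespace, local name) of the root, reading only its start tag."""
    with open(path, "rb") as fh:
        for _event, elem in ET.iterparse(fh, events=("start",)):
            ns, _, name = elem.tag.lstrip("{").rpartition("}")
            return ns, name

def interpret_exit(code):
    """Map an oscap evaluation exit status to a scan outcome."""
    if code == 0:
        return "compliant"
    if code == 2:
        return "non-compliant"  # scan completed, system does not meet the profile
    return "error"

def xccdf_eval(content, profile, oscap=("oscap",)):
    """Run `oscap xccdf eval`; `oscap` is injectable so a stand-in can be used."""
    if root_element(content) not in XCCDF_EVAL_ROOTS:
        raise ValueError(f"{content}: not XCCDF, datastream or tailoring content")
    cmd = [*oscap, "xccdf", "eval", "--profile", profile, content]
    # No check=True: it raises CalledProcessError on status 2, as seen in the thread.
    return interpret_exit(subprocess.run(cmd).returncode)

def write_sample(xml_text):
    """Write a constructed sample document to a temp file and return its path."""
    with tempfile.NamedTemporaryFile("w", suffix=".xml", delete=False) as fh:
        fh.write(xml_text)
        return fh.name

if __name__ == "__main__":
    # Stand-in for oscap that exits 2, so the demo runs without OpenSCAP installed.
    fake = (sys.executable, "-c", "import sys; sys.exit(2)")
    print(xccdf_eval(write_sample(SAMPLE_XCCDF), "constructed_profile", oscap=fake))
```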
