Hi,

----- Original Message -----
> From: "Pravin Goyal" <[email protected]>
> To: "Jan Cerny" <[email protected]>
> Sent: Monday, February 6, 2017 3:55:10 PM
> Subject: Re: [Open-scap] oscap-docker on Ubuntu 14.04
>
> Thanks, Jan. I don't have atomic installed. So, it means I cannot use
> oscap-docker on Ubuntu 14.04?

Atomic is an important dependency; without it oscap-docker is not able to mount images and containers, therefore it does not scan :(
I haven't found atomic in Ubuntu packages. You might try to install atomic from sources from GitHub. However, I have no experience with that. If you happen to get it working on Ubuntu, sharing your experience will be welcome. I have been googling for a while, but it seems that nobody has used atomic on Ubuntu so far.

What possibly could help you is a small utility called oscap-chroot, which can scan arbitrary filesystems. You can mount the docker image's filesystem into a directory and then use oscap-chroot on that directory. See man oscap-chroot.

>
> I tried working with https://github.com/OpenSCAP/container-compliance. It
> does work but gives random results. Is there a way we can make it better? To
> me, it is not working with variables correctly and there are other errors
> that I get when working with the CVE content.
>

https://github.com/OpenSCAP/container-compliance is an obsolete repository. The code is no longer maintained. It was replaced by the oscap-docker utility in our main repository. I think it is not worth trying to use this repository. Before merging it into the main OpenSCAP repository the code was completely rewritten, it has been tested and many bugs have already been fixed.

I'm sorry that my answer is not helpful, so I include the mailing list again hoping that someone else will have a better insight.

Regards

Jan Černý
Security Technologies | Red Hat, Inc.

> ________________________________
> From: Jan Cerny <[email protected]>
> Sent: Monday, February 6, 2017 8:21:02 PM
> To: Pravin Goyal
> Cc: [email protected]
> Subject: Re: [Open-scap] oscap-docker on Ubuntu 14.04
>
> Hi,
>
> which Python version is used by your /usr/bin/oscap-docker?
> There might be a collision between Python2 and Python3.
> The script should run on both versions of Python, but most likely
> you have the necessary modules only for Python 2.
>
> Also notice that oscap-docker needs Atomic [1] installed
> as a dependency, to mount the container images.
> I'm not sure whether atomic is available on Ubuntu.
>
> Regards
>
> [1] https://github.com/projectatomic/atomic
>
> Jan Černý
> Security Technologies | Red Hat, Inc.
>
> ----- Original Message -----
> > From: "Pravin Goyal" <[email protected]>
> > To: [email protected]
> > Sent: Sunday, February 5, 2017 3:53:15 PM
> > Subject: Re: [Open-scap] oscap-docker on Ubuntu 14.04
> >
> > However, on the machine I do see openscap-python is present:
> >
> > ubuntu@ip-172-31-5-56:/usr/lib/python2.7/site-packages/oscap_docker_python$ ls
> > get_cve_input.py get_cve_input.pyo __init__.pyc oscap_docker_util.py oscap_docker_util.pyo
> > get_cve_input.pyc __init__.py __init__.pyo oscap_docker_util.pyc
> >
> > From: Pravin Goyal <[email protected]>
> > Sent: Sunday, February 5, 2017 8:10:57 PM
> > To: [email protected]
> > Subject: oscap-docker on Ubuntu 14.04
> >
> > Hi All,
> >
> > I could successfully compile OpenSCAP 1.2.13 on Ubuntu 14.04. But,
> > oscap-docker does not seem to work.
> >
> > Traceback (most recent call last):
> >   File "/usr/bin/oscap-docker", line 23, in <module>
> >     from oscap_docker_python.oscap_docker_util import OscapScan
> > ImportError: No module named oscap_docker_python.oscap_docker_util
> >
> > What could be the issue?
> >
> > Here is the output of oscap -V.
> >
> > Please let me know.
> >
> > Thanks and regards,
> > Pravin Goyal
> >
> > ubuntu@ip-172-31-5-56:/$ oscap -V
> > OpenSCAP command line tool (oscap) 1.2.13
> > Copyright 2009--2016 Red Hat Inc., Durham, North Carolina.
> >
> > ==== Supported specifications ====
> > XCCDF Version: 1.2
> > OVAL Version: 5.11.1
> > CPE Version: 2.3
> > CVSS Version: 2.0
> > CVE Version: 2.0
> > Asset Identification Version: 1.1
> > Asset Reporting Format Version: 1.1
> >
> > ==== Capabilities added by auto-loaded plugins ====
> > No plugins have been auto-loaded...
> >
> > ==== Paths ====
> > Schema files: /usr/share/openscap/schemas
> > Default CPE files: /usr/share/openscap/cpe
> > Probes: /usr/libexec/openscap
> >
> > ==== Inbuilt CPE names ====
> > Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux
> > Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5
> > Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
> > Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7
> > Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
> > Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
> > Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
> > Scientific Linux 5 - cpe:/o:scientificlinux:scientificlinux:5
> > Scientific Linux 6 - cpe:/o:scientificlinux:scientificlinux:6
> > Scientific Linux 7 - cpe:/o:scientificlinux:scientificlinux:7
> > Fedora 16 - cpe:/o:fedoraproject:fedora:16
> > Fedora 17 - cpe:/o:fedoraproject:fedora:17
> > Fedora 18 - cpe:/o:fedoraproject:fedora:18
> > Fedora 19 - cpe:/o:fedoraproject:fedora:19
> > Fedora 20 - cpe:/o:fedoraproject:fedora:20
> > Fedora 21 - cpe:/o:fedoraproject:fedora:21
> > Fedora 22 - cpe:/o:fedoraproject:fedora:22
> > Fedora 23 - cpe:/o:fedoraproject:fedora:23
> > Fedora 24 - cpe:/o:fedoraproject:fedora:24
> > Fedora 25 - cpe:/o:fedoraproject:fedora:25
> > SUSE Linux Enterprise all versions - cpe:/o:suse:sle
> > SUSE Linux Enterprise Server 10 - cpe:/o:suse:sles:10
> > SUSE Linux Enterprise Desktop 10 - cpe:/o:suse:sled:10
> > SUSE Linux Enterprise Server 11 - cpe:/o:suse:linux_enterprise_server:11
> > SUSE Linux Enterprise Desktop 11 - cpe:/o:suse:linux_enterprise_desktop:11
> > SUSE Linux Enterprise Server 12 - cpe:/o:suse:sles:12
> > SUSE Linux Enterprise Desktop 12 - cpe:/o:suse:sled:12
> > openSUSE 11.4 - cpe:/o:opensuse:opensuse:11.4
> > openSUSE 13.1 - cpe:/o:opensuse:opensuse:13.1
> > openSUSE 13.2 - cpe:/o:opensuse:opensuse:13.2
> > openSUSE 42.1 - cpe:/o:novell:leap:42.1
> > openSUSE All Versions - cpe:/o:opensuse:opensuse
> > Red Hat Enterprise Linux Optional Productivity Applications - cpe:/a:redhat:rhel_productivity
> > Red Hat Enterprise Linux Optional Productivity Applications 5 - cpe:/a:redhat:rhel_productivity:5
> > Wind River Linux all versions - cpe:/o:windriver:wrlinux
> > Wind River Linux 8 - cpe:/o:windriver:wrlinux:8
> >
> > ==== Supported OVAL objects and associated OpenSCAP probes ====
> > system_info                probe_system_info
> > family                     probe_family
> > filehash                   probe_filehash
> > environmentvariable        probe_environmentvariable
> > textfilecontent54          probe_textfilecontent54
> > textfilecontent            probe_textfilecontent
> > variable                   probe_variable
> > xmlfilecontent             probe_xmlfilecontent
> > environmentvariable58      probe_environmentvariable58
> > filehash58                 probe_filehash58
> > dpkginfo                   probe_dpkginfo
> > inetlisteningservers       probe_inetlisteningservers
> > rpminfo                    probe_rpminfo
> > partition                  probe_partition
> > iflisteners                probe_iflisteners
> > rpmverify                  probe_rpmverify
> > rpmverifyfile              probe_rpmverifyfile
> > rpmverifypackage           probe_rpmverifypackage
> > selinuxboolean             probe_selinuxboolean
> > selinuxsecuritycontext     probe_selinuxsecuritycontext
> > systemdunitproperty        probe_systemdunitproperty
> > systemdunitdependency      probe_systemdunitdependency
> > file                       probe_file
> > interface                  probe_interface
> > password                   probe_password
> > process                    probe_process
> > runlevel                   probe_runlevel
> > shadow                     probe_shadow
> > uname                      probe_uname
> > xinetd                     probe_xinetd
> > sysctl                     probe_sysctl
> > routingtable               probe_routingtable
> > symlink                    probe_symlink
> >
> > _______________________________________________
> > Open-scap-list mailing list
> > [email protected]
> > https://www.redhat.com/mailman/listinfo/open-scap-list
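
The oscap-chroot workaround suggested in the reply above (get the image's filesystem into a directory, then scan that directory), as an added example that is not part of the original thread or of the OpenSCAP project's code. It assumes docker, tar and oscap-chroot are on PATH and that it runs as root so file ownership from the image survives unpacking; the function name scan_image_rootfs and the image and content names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: scan a Docker image's files with oscap-chroot, no atomic needed.
# Assumes docker, tar and oscap-chroot are on PATH; run as root so the file
# ownership recorded in the image is preserved when it is unpacked.
#
# Hypothetical usage (image and content file names are placeholders):
#   scan_image_rootfs ubuntu:14.04 oval eval --results res.xml my-oval.xml

scan_image_rootfs() {
    image=$1
    shift
    work=$(mktemp -d) || return 1
    mkdir "$work/rootfs"

    # Create, but never start, a container: nothing from the image executes.
    if ! cid=$(docker create "$image"); then
        rm -rf "$work"
        return 1
    fi

    rc=1
    # Export to a file rather than a pipe so a failed export is not masked
    # by tar's exit status. --numeric-owner keeps the image's UIDs/GIDs
    # instead of remapping names through the host's /etc/passwd.
    if docker export -o "$work/image.tar" "$cid" &&
       tar -x --numeric-owner -f "$work/image.tar" -C "$work/rootfs"; then
        # oscap-chroot takes the directory first, then normal oscap arguments.
        rc=0
        oscap-chroot "$work/rootfs" "$@" || rc=$?
    fi

    # Always remove the scratch container and the unpacked tree.
    docker rm "$cid" >/dev/null
    rm -rf "$work"
    return "$rc"
}
```

The function returns the scanner's own exit status; with xccdf eval, oscap exits with 2 when at least one rule fails, so callers should treat 2 as "findings" rather than as a tool error.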
