Having installed OpenSCAP 1.2.9, the workbench run is much more successful. 
However there are still errors, albeit much lesser than before. Any tips?




01:58:28 
info 
Establishing connecting to remote target...


01:58:32 
info 
Connection established.


01:58:32 
info 
Checking if oscap is available on remote machine...


01:58:39 
info 
Querying capabilities on remote machine...


01:58:47 
info 
Copying input data to remote target...


01:59:32 
info 
Starting the remote process...


01:59:32 
info 
Processing on the remote machine...


01:59:43 
error 
The 'oscap' process has written the following content to stderr: E: The package 
cache file is corrupted 


01:59:43 
error 
The 'oscap' process has written the following content to stderr: E: The package 
cache file is corrupted 


01:59:43 
error 
The 'oscap' process has written the following content to stderr: E: The package 
cache file is corrupted 


01:59:43 
error 
The 'oscap' process has written the following content to stderr: E: The package 
cache file is corrupted 


01:59:44 
error 
The 'oscap' process has written the following content to stderr: E: The package 
cache file is corrupted 


01:59:44 
error 
The 'oscap' process has written the following content to stderr: E: The package 
cache file is corrupted 


01:59:44 
error 
The 'oscap' process has written the following content to stderr: E: The package 
cache file is corrupted 


01:59:44 
error 
The 'oscap' process has written the following content to stderr: E: The package 
cache file is corrupted 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: OpenSCAP 
Error: Probe with PID=10485 has been killed with signal 11 
[../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Item 
corresponding to object 'oval:ssg-obj_package_rsyslog_installed:obj:1' from 
test 'oval:ssg-test_package_rsyslog_installed:tst:1' has an unknown flag. This 
may indicate a bug in OpenSCAP. 
[../../../../src/OVAL/results/oval_resultTest.c:908] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Probe with 
PID=10510 has been killed with signal 11 
[../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Item 
corresponding to object 'oval:ssg-obj_package_telnetd_removed:obj:1' from test 
'oval:ssg-test_package_telnetd_removed:tst:1' has an unknown flag. This may 
indicate a bug in OpenSCAP. 
[../../../../src/OVAL/results/oval_resultTest.c:908] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Probe with 
PID=10516 has been killed with signal 11 
[../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Item 
corresponding to object 'oval:ssg-obj_package_inetutils-telnetd_removed:obj:1' 
from test 'oval:ssg-test_package_inetutils-telnetd_removed:tst:1' has an 
unknown flag. This may indicate a bug in OpenSCAP. 
[../../../../src/OVAL/results/oval_resultTest.c:908] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Probe with 
PID=10522 has been killed with signal 11 
[../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Item 
corresponding to object 'oval:ssg-obj_package_telnetd-ssl_removed:obj:1' from 
test 'oval:ssg-test_package_telnetd-ssl_removed:tst:1' has an unknown flag. 
This may indicate a bug in OpenSCAP. 
[../../../../src/OVAL/results/oval_resultTest.c:908] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Probe with 
PID=10528 has been killed with signal 11 
[../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Item 
corresponding to object 'oval:ssg-obj_package_nis_removed:obj:1' from test 
'oval:ssg-test_package_nis_removed:tst:1' has an unknown flag. This may 
indicate a bug in OpenSCAP. 
[../../../../src/OVAL/results/oval_resultTest.c:908] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Probe with 
PID=10534 has been killed with signal 11 
[../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Item 
corresponding to object 'oval:ssg-obj_package_ntpdate_removed:obj:1' from test 
'oval:ssg-test_package_ntpdate_removed:tst:1' has an unknown flag. This may 
indicate a bug in OpenSCAP. 
[../../../../src/OVAL/results/oval_resultTest.c:908] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Probe with 
PID=10540 has been killed with signal 11 
[../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Item 
corresponding to object 'oval:ssg-obj_package_ntp_installed:obj:1' from test 
'oval:ssg-test_package_ntp_installed:tst:1' has an unknown flag. This may 
indicate a bug in OpenSCAP. 
[../../../../src/OVAL/results/oval_resultTest.c:908] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Probe with 
PID=10546 has been killed with signal 11 
[../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] 


01:59:46 
error 
The 'oscap' process has written the following content to stderr: Item 
corresponding to object 'oval:ssg-obj_package_openssh-server_removed:obj:1' 
from test 'oval:ssg-test_package_openssh-server_removed:tst:1' has an unknown 
flag. This may indicate a bug in OpenSCAP. 
[../../../../src/OVAL/results/oval_resultTest.c:908] 


02:00:09 
info 
Cleaning up...


02:00:47 
info 
Processing has been finished!




On Friday, April 7, 2017 2:02 AM, Luther Goh Lu Feng <elf...@yahoo.com> wrote:






On Thursday, April 6, 2017 10:20 PM, Luther Goh Lu Feng <elf...@yahoo.com> 
wrote:



Thanks for the suggestion! I will most certainly attempt to install  OpenSCAP 
1.2.9 from testing.

I am still very much a noob figuring out my way around the various security 
concepts such as OVAL, XCCDF. So pardon me if I indicate any wrong assumptions 
as I have not fully yet read the manual.


In my debugging, I have ran $ oscap oval eval --results debian-2014.xml 
--report debian-2014.html oval-definitions-2014.xml, and managed to get a 
proper report. The oval definitions are from debian[1].

So questions:

- Does this successful run mean that OpenSCAP 1.0.9 supports OVAL 5.11 without 
issues?
- Is OpenSCAP cli on par functionality wise with SCAP workbench?


[1] https://www.debian.org/security/oval/




On Thursday, April 6, 2017 4:50 PM, Jan Cerny <jce...@redhat.com> wrote:



Hi,

That is pretty cool that you want to run OpenSCAP on such a device.
I like it! You're the first person that I know running it on ARM :)

I think the problem is that Debian Jessie has OpenSCAP 1.0.9,
which is an old version that doesn't support systemd related tests
and it also can't process OVAL documents using OVAL standard 5.11,
which we use to write security policies. The error messages
look like that's the problem.

I suggest trying to backport OpenSCAP packages from Debian Testing (Stretch)
Debian Testing has OpenSCAP 1.2.9 that supports those new standards
and systemd.

Or you might try to compile the latest upstream release 1.2.14 directly from
the sources on Github [1] and install that on your device.

However I don't have an ARM machine with Debian, so I haven't verified
if there is any other issue :) If you encounter a problem,
please inform us. Thank you.


[1] 
https://github.com/OpenSCAP/openscap/releases/download/1.2.14/openscap-1.2.14.tar.gz


Best regards

Jan Černý
Security Technologies | Red Hat, Inc.





----- Original Message -----
> From: "Luther Goh Lu Feng" <elf...@yahoo.com>
> To: open-scap-list@redhat.com
> Sent: Thursday, April 6, 2017 6:07:18 AM
> Subject: [Open-scap] Using scap workbench to scan Debian on Beaglebone Black
> 
> I have installed SCAP Workbench on Mac OS X[1] and attempted to scan a
> Beaglebone Black with Debian installed remotely. Debian has been installed
> with OpenSCAP[2]. However the scan threw up a lot of errors and didn't
> complete. I am only including a small subset of the errors so as not to
> overwhelm readers with the amount of text. But am happy to furnish the full
> logs in pastebin if it is helpful. Hope to have some tips. Thanks!
> 
> 
> 13:28:47
> info
> Connection established.
> 
> 
> 13:28:47
> info
> Checking if oscap is available on remote machine...
> 
> 
> 13:28:59
> info
> Querying capabilities on remote machine...
> 
> 
> 13:29:13
> info
> Copying input data to remote target...
> 
> 
> 13:30:32
> info
> Starting the remote process...
> 
> 
> 13:30:32
> info
> Processing on the remote machine...
> 
> 
> 13:30:47
> error
> The 'oscap' process has written the following content to stderr: OpenSCAP
> Error: File '/tmp/tmp.3WyW7Kt0Aa' line 1835: Element
> '{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}systemdunitdependency_test':
> This element is not expected.
> 
> 
> 13:30:47
> error
> The 'oscap' process has written the following content to stderr:
> [../../../src/XCCDF/xccdf_session.c:342]
> 
> 
> 13:30:47
> error
> The 'oscap' process has written the following content to stderr: File
> '/tmp/tmp.3WyW7Kt0Aa' line 2482: Element
> '{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}systemdunitdependency_object':
> This element is not expected.
> 
> 
> 13:30:47
> error
> The 'oscap' process has written the following content to stderr:
> [../../../src/XCCDF/xccdf_session.c:342]
> 
> 
> 13:30:47
> error
> The 'oscap' process has written the following content to stderr: File
> '/tmp/tmp.3WyW7Kt0Aa' line 3427: Element
> '{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}systemdunitdependency_state':
> This element is not expected.
> 
> 
> 13:30:47
> error
> The 'oscap' process has written the following content to stderr:
> [../../../src/XCCDF/xccdf_session.c:342]
> 
> 
> 13:30:47
> error
> The 'oscap' process has written the following content to stderr: File
> '/tmp/tmp.3WyW7Kt0Aa' line 3653: Element
> '{http://oval.mitre.org/XMLSchema/oval-definitions-5}glob_to_regex': This
> element is not expected. Expected is one of (
> {http://www.w3.org/2000/09/xmldsig#}Signature,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}object_component,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}variable_component,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}literal_component,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}arithmetic,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}begin,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}concat,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}end,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}escape_regex,
> {http://oval.mitre.org/XMLSchema/oval-definitions-5}split ).
> 
> 
> 
> 
> [1] https://www.open-scap.org/tools/scap-workbench/
> [2] https://packages.debian.org/jessie/python-openscap
> 
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list@redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list

> 

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to