Ouch, I can reproduce this particular problem with port. Can you please
file an issue on the upstream SCAP Workbench?
https://github.com/OpenSCAP/scap-workbench/issues
For the "scanner not found" problem, that's something I cannot reproduce
just yet. Is your machine ssh-accessible on both ports? And connecting
to port 22 results in different environment than that 60215? Because if
it couldn't connect, error would be different.
And a note to taking very long time - it should be uploading datastream
to the target machine, [same as oscap-ssh]. Is the delay longer than
using commandline?
Thanks,
Marek
On 09/22/2017 11:48 AM, DD Donny Lie wrote:
sorry, I mean, although i change SSH port to something else like *60215*,
the dry run command will result:
*oscap-ssh r <mailto:[email protected]>oot@target-ip 22Â xccdf eval \*
*--fetch-remote-resources \*
*--datastream-id
scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \*
*--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
*--profile xccdf_org.ssgproject.content_profile_standard \*
*--oval-results --results /tmp/xccdf-results.xml \*
*--results-arf /tmp/arf.xml \*
*--report /tmp/report.html \*
*/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*
*
*
But I notice if I use port like 111 or 8000, it will correctly displayed,
changing port to 50000 or 60000 will result above (port 22)
On Fri, Sep 22, 2017 at 4:35 PM, DD Donny Lie <[email protected]
<mailto:[email protected]>> wrote:
If I use this in CentOS 7 terminal (removed --oval-results,
--results-arf):
*oscap-ssh root@ip-address 60215 xccdf eval \*
*--fetch-remote-resources \*
*--datastream-id
scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \*
*--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
*--profile xccdf_org.ssgproject.content_profile_standard \*
*--report /root/report-standard-via-clie.html \*
*/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*
*it is working,*
but same 'dry run' command above *USING* workbench will result:
*error*
*Failed to locate oscap on remote machine. Please, check that
openscap-scanner is installed on the remote machine.*
and the workbench is loading very long while I click scan,
and 'dry run' will result in clipboard below (which maybe you guys
should fix it):
*oscap-ssh [email protected] <mailto:[email protected]> 22xccdf eval \*
*--fetch-remote-resources \*
*--datastream-id
scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \*
*--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
*--profile xccdf_org.ssgproject.content_profile_standard \*
*--oval-results --results /tmp/xccdf-results.xml \*
*--results-arf /tmp/arf.xml \*
*--report /tmp/report.html \*
*/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*
On Fri, Sep 22, 2017 at 3:21 PM, DD Donny Lie <[email protected]
<mailto:[email protected]>> wrote:
*From CentOS 7 (scap workbench) *
*to target (CentOS 7) installed latest openscap-scanner*
*the target is VM guest under ESXi 5.5,*
*
*
15:02:25
info
SCAP Workbench 1.1.4, compiled with Qt 4.8.5, using OpenSCAP 1.2.14
15:02:54
info
Opened file '/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml'.
15:04:08
info
Establishing connecting to remote target...
15:04:18
info
Connection established.
15:04:18
info
Checking if oscap is available on remote machine...
15:08:19
error
Failed to locate oscap on remote machine. Please, check that
openscap-scanner is installed on the remote machine.
*Am I missing something? this should be pretty basic right, but
its not working?*
On Fri, Sep 22, 2017 at 2:49 PM, DD Donny Lie <[email protected]
<mailto:[email protected]>> wrote:
*Target Machine:*
oscap -V
OpenSCAP command line tool (oscap) 1.2.14
Copyright 2009--2017 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
==== Capabilities added by auto-loaded plugins ====
No plugins have been auto-loaded...
==== Paths ====
Schema files: /usr/share/openscap/schemas
Default CPE files: /usr/share/openscap/cpe
Probes: /usr/libexec/openscap
On Thu, Sep 21, 2017 at 8:29 PM, DD Donny Lie
<[email protected] <mailto:[email protected]>> wrote:
*Here you go my detail:*
Target machine: CentOS 7 (installed openscap-scanner)
scap-workbench: RHEL 7
connect via internet
root@target-ip at port 60215
port forwarding to 22
*
*
*Diganostics says:*
19:47:55
info
SCAP Workbench 1.1.4, compiled with Qt 4.8.5, using
OpenSCAP 1.2.14
19:48:00
info
Opened file
'/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'.
19:48:37
info
Establishing connecting to remote target...
19:48:46
info
Connection established.
19:48:46
info
Checking if oscap is available on remote machine...
19:48:47
error
*Failed to locate oscap on remote machine. Please, check
that openscap-scanner is installed on the remote machine.*
*Thanks,*
*Donny Lie*
On Thu, Sep 21, 2017 at 7:44 PM, DD Donny Lie
<[email protected] <mailto:[email protected]>> wrote:
Hello,
I have a CentOS 7 with installed openscap-scanner
and I use scap-workbench from my laptop with VM RHEL
7, trying to remote scan the CentOS 7,
It succeed login via SSH but Diagnostics says:
*error
*
*Failed to locate oscap on remote machine. Please,
check that openscap-scanner is installed on the
remote machine.*
Am I missing something?
--
*Donny Lie*
_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list
_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list
