one last thing, if you really want to reproduce my problem, then you have to use port forwarding in router, or maybe just simply change the target incoming port ssh to 60000 will sufice,
and try it via LAN or internet, On Fri, Sep 22, 2017 at 6:10 PM, DD Donny Lie <[email protected]> wrote: > *"For the "scanner not found" problem, that's something I cannot reproduce > just yet. Is your machine ssh-accessible on both ports? And connecting to > port 22 results in different environment than that 60215? Because if it > couldn't connect, error would be different." * > > target machine ssh port is 22 > since i have a lot VM in target location and using home broadband fiber > with single dynamic public IP, I use port forwarding to access my 16 VMs, > > so in router (port forwarding), accessing ssh port 60215 translate to port > 22 in particular VM, > > and I notice installing workbench in RHEL 7, the GUI don't offer other > content (such as: CentOS 6/7), > > dont you think the gui app should offer all possible content load? because > it is intended has ability to scan remote right? which can be other than > the local OS? > > but even I use workbench + CentOS 7, I'm still not able to remote GUI scan > CentOS 7, > > my target CentOS dont contain anything fancy but nano, bash-it, change > hostname, ip, dns, gateway, vmware tools, etc. > > > *below is detail of my target (CentOS 7 x64) setings:* > > ### Set timezone > > Ping pool.ntp.org > > timedatectl set-timezone Asia/Jakarta > > timedatectl > > > ### Install VMware tools > > yum list installed | grep vmtoolsd > > yum install -y open-vm-tools > > systemctl start vmtoolsd.service > > systemctl status vmtoolsd > > systemctl is-enabled vmtoolsd > > > ### Set hostname > > hostnamectl set-hostname my-hostname –static > > hostnamectl set-hostname my-hostname --transient > > hostnamectl status > > > ### Set Static IP address, DNS, Gateway > > nmcli > > nmcli –p device > > nmcli device show > > nano /etc/sysconfig/network-scripts/ifcfg-xxxxx > > > > BOOTPROTO=none > > # Server IP # > > IPADDR=xx.xx.xx.xx > > # Subnet # > > NETMASK=255.255.255.0 > > # Set default gateway IP # > > GATEWAY=192.168.2.254 > > # Set dns servers # > > DNS1=192.168.2.254 > > DNS2=8.8.8.8 > > DNS3=8.8.4.4 > > # Disable ipv6 # > > IPV6INIT=no > > > > systemctl restart network > > nmcli device show or ifconfig > > > ### Nano + Change PS1 using Bash-it > > yum install -y nano > > > > upload to /opt/bash-it > > chmod 744 install.sh > > ./install.sh > > # Reload bash > > exec bash > > > On Fri, Sep 22, 2017 at 4:48 PM, DD Donny Lie <[email protected]> wrote: > >> sorry, I mean, although i change SSH port to something else like *60215*, >> the dry run command will result: >> >> *oscap-ssh r <[email protected]>oot@target-ip 22 xccdf eval \* >> *--fetch-remote-resources \* >> *--datastream-id >> scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \* >> *--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \* >> *--profile xccdf_org.ssgproject.content_profile_standard \* >> *--oval-results --results /tmp/xccdf-results.xml \* >> *--results-arf /tmp/arf.xml \* >> *--report /tmp/report.html \* >> */usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml* >> >> >> But I notice if I use port like 111 or 8000, it will correctly displayed, >> changing port to 50000 or 60000 will result above (port 22) >> >> >> >> On Fri, Sep 22, 2017 at 4:35 PM, DD Donny Lie <[email protected]> wrote: >> >>> If I use this in CentOS 7 terminal (removed --oval-results, >>> --results-arf): >>> *oscap-ssh root@ip-address 60215 xccdf eval \* >>> *--fetch-remote-resources \* >>> *--datastream-id >>> scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \* >>> *--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \* >>> *--profile xccdf_org.ssgproject.content_profile_standard \* >>> *--report /root/report-standard-via-clie.html \* >>> */usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml* >>> >>> *it is working,* >>> >>> >>> but same 'dry run' command above *USING* workbench will result: >>> *error* >>> *Failed to locate oscap on remote machine. Please, check that >>> openscap-scanner is installed on the remote machine.* >>> >>> and the workbench is loading very long while I click scan, >>> >>> >>> >>> and 'dry run' will result in clipboard below (which maybe you guys >>> should fix it): >>> *oscap-ssh [email protected] <[email protected]> 22 xccdf eval \* >>> *--fetch-remote-resources \* >>> *--datastream-id >>> scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \* >>> *--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \* >>> *--profile xccdf_org.ssgproject.content_profile_standard \* >>> *--oval-results --results /tmp/xccdf-results.xml \* >>> *--results-arf /tmp/arf.xml \* >>> *--report /tmp/report.html \* >>> */usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml* >>> >>> >>> On Fri, Sep 22, 2017 at 3:21 PM, DD Donny Lie <[email protected]> wrote: >>> >>>> *From CentOS 7 (scap workbench) * >>>> *to target (CentOS 7) installed latest openscap-scanner* >>>> *the target is VM guest under ESXi 5.5,* >>>> >>>> >>>> 15:02:25 >>>> info >>>> SCAP Workbench 1.1.4, compiled with Qt 4.8.5, using OpenSCAP 1.2.14 >>>> >>>> 15:02:54 >>>> info >>>> Opened file '/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml'. >>>> >>>> 15:04:08 >>>> info >>>> Establishing connecting to remote target... >>>> >>>> 15:04:18 >>>> info >>>> Connection established. >>>> >>>> 15:04:18 >>>> info >>>> Checking if oscap is available on remote machine... >>>> >>>> 15:08:19 >>>> error >>>> Failed to locate oscap on remote machine. Please, check that >>>> openscap-scanner is installed on the remote machine. >>>> >>>> >>>> *Am I missing something? this should be pretty basic right, but its not >>>> working?* >>>> >>>> >>>> On Fri, Sep 22, 2017 at 2:49 PM, DD Donny Lie <[email protected]> >>>> wrote: >>>> >>>>> *Target Machine:* >>>>> >>>>> oscap -V >>>>> OpenSCAP command line tool (oscap) 1.2.14 >>>>> Copyright 2009--2017 Red Hat Inc., Durham, North Carolina. >>>>> >>>>> ==== Supported specifications ==== >>>>> XCCDF Version: 1.2 >>>>> OVAL Version: 5.11.1 >>>>> CPE Version: 2.3 >>>>> CVSS Version: 2.0 >>>>> CVE Version: 2.0 >>>>> Asset Identification Version: 1.1 >>>>> Asset Reporting Format Version: 1.1 >>>>> >>>>> ==== Capabilities added by auto-loaded plugins ==== >>>>> No plugins have been auto-loaded... >>>>> >>>>> ==== Paths ==== >>>>> Schema files: /usr/share/openscap/schemas >>>>> Default CPE files: /usr/share/openscap/cpe >>>>> Probes: /usr/libexec/openscap >>>>> >>>>> >>>>> On Thu, Sep 21, 2017 at 8:29 PM, DD Donny Lie <[email protected]> >>>>> wrote: >>>>> >>>>>> *Here you go my detail:* >>>>>> Target machine: CentOS 7 (installed openscap-scanner) >>>>>> scap-workbench: RHEL 7 >>>>>> connect via internet >>>>>> >>>>>> root@target-ip at port 60215 >>>>>> port forwarding to 22 >>>>>> >>>>>> *Diganostics says:* >>>>>> >>>>>> 19:47:55 >>>>>> info >>>>>> SCAP Workbench 1.1.4, compiled with Qt 4.8.5, using OpenSCAP 1.2.14 >>>>>> >>>>>> 19:48:00 >>>>>> info >>>>>> Opened file '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'. >>>>>> >>>>>> 19:48:37 >>>>>> info >>>>>> Establishing connecting to remote target... >>>>>> >>>>>> 19:48:46 >>>>>> info >>>>>> Connection established. >>>>>> >>>>>> 19:48:46 >>>>>> info >>>>>> Checking if oscap is available on remote machine... >>>>>> >>>>>> 19:48:47 >>>>>> error >>>>>> *Failed to locate oscap on remote machine. Please, check that >>>>>> openscap-scanner is installed on the remote machine.* >>>>>> >>>>>> *Thanks,* >>>>>> *Donny Lie* >>>>>> >>>>>> >>>>>> On Thu, Sep 21, 2017 at 7:44 PM, DD Donny Lie <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hello, >>>>>>> I have a CentOS 7 with installed openscap-scanner >>>>>>> and I use scap-workbench from my laptop with VM RHEL 7, trying to >>>>>>> remote scan the CentOS 7, >>>>>>> >>>>>>> It succeed login via SSH but Diagnostics says: >>>>>>> >>>>>>> *error * >>>>>>> *Failed to locate oscap on remote machine. Please, check that >>>>>>> openscap-scanner is installed on the remote machine.* >>>>>>> >>>>>>> Am I missing something? >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> *Donny Lie* >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
