one last thing, if you really want to reproduce my problem,
then you have to use port forwarding in router,
or
maybe just simply change the target incoming port ssh to 60000 will sufice,
and try it via LAN or internet,
On Fri, Sep 22, 2017 at 6:10 PM, DD Donny Lie <deod...@gmail.com
<mailto:deod...@gmail.com>> wrote:
/"For the "scanner not found" problem, that's something I cannot
reproduce just yet. Is your machine ssh-accessible on both ports?
And connecting to port 22 results in different environment than that
60215? Because if it couldn't connect, error would be different." /
target machine ssh port is 22
since i have a lot VM in target location and using home broadband
fiber with single dynamic public IP, I use port forwarding to access
my 16 VMs,
so in router (port forwarding), accessing ssh port 60215 translate
to port 22 in particular VM,
and I notice installing workbench in RHEL 7, the GUI don't offer
other content (such as: CentOS 6/7),
dont you think the gui app should offer all possible content load?
because it is intended has ability to scan remote right? which can
be other than the local OS?
but even I use workbench + CentOS 7, I'm still not able to remote
GUI scan CentOS 7,
my target CentOS dont contain anything fancy but nano, bash-it,
change hostname, ip, dns, gateway, vmware tools, etc.
*below is detail of my target (CentOS 7 x64) setings:*
### Set timezone
Ping pool.ntp.org <http://pool.ntp.org>
timedatectl set-timezone Asia/Jakarta
timedatectl
### Install VMware tools
yum list installed | grep vmtoolsd
yum install -y open-vm-tools
systemctl start vmtoolsd.service
systemctl status vmtoolsd
systemctl is-enabled vmtoolsd
### Set hostname
hostnamectl set-hostname my-hostname –static
hostnamectl set-hostname my-hostname --transient
hostnamectlstatus
### Set Static IP address, DNS, Gateway
nmcli
nmcli –p device
nmcli device show
nano /etc/sysconfig/network-scripts/ifcfg-xxxxx
BOOTPROTO=none
# Server IP #
IPADDR=xx.xx.xx.xx
# Subnet #
NETMASK=255.255.255.0
# Set default gateway IP #
GATEWAY=192.168.2.254
# Set dns servers #
DNS1=192.168.2.254
DNS2=8.8.8.8
DNS3=8.8.4.4
# Disable ipv6 #
IPV6INIT=no
systemctl restart network
nmcli device show or ifconfig
### Nano + Change PS1 using Bash-it
yum install -y nano
upload to /opt/bash-it
chmod 744 install.sh
./install.sh
# Reload bash
exec bash
On Fri, Sep 22, 2017 at 4:48 PM, DD Donny Lie <deod...@gmail.com
<mailto:deod...@gmail.com>> wrote:
sorry, I mean, although i change SSH port to something else like
*60215*,
the dry run command will result:
*oscap-ssh r <mailto:root@36.88.58.11>oot@target-ip 22 xccdf eval \*
*--fetch-remote-resources \*
*--datastream-id
scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \*
*--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
*--profile xccdf_org.ssgproject.content_profile_standard \*
*--oval-results --results /tmp/xccdf-results.xml \*
*--results-arf /tmp/arf.xml \*
*--report /tmp/report.html \*
*/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*
*
*
But I notice if I use port like 111 or 8000, it will correctly
displayed,
changing port to 50000 or 60000 will result above (port 22)
On Fri, Sep 22, 2017 at 4:35 PM, DD Donny Lie <deod...@gmail.com
<mailto:deod...@gmail.com>> wrote:
If I use this in CentOS 7 terminal (removed --oval-results,
--results-arf):
*oscap-ssh root@ip-address 60215 xccdf eval \*
*--fetch-remote-resources \*
*--datastream-id
scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml
\*
*--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
*--profile xccdf_org.ssgproject.content_profile_standard \*
*--report /root/report-standard-via-clie.html \*
*/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*
*it is working,*
but same 'dry run' command above *USING* workbench will result:
*error*
*Failed to locate oscap on remote machine. Please, check
that openscap-scanner is installed on the remote machine.*
and the workbench is loading very long while I click scan,
and 'dry run' will result in clipboard below (which maybe
you guys should fix it):
*oscap-ssh root@36.88.58.11 <mailto:root@36.88.58.11>
22xccdf eval \*
*--fetch-remote-resources \*
*--datastream-id
scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml
\*
*--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
*--profile xccdf_org.ssgproject.content_profile_standard \*
*--oval-results --results /tmp/xccdf-results.xml \*
*--results-arf /tmp/arf.xml \*
*--report /tmp/report.html \*
*/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*
On Fri, Sep 22, 2017 at 3:21 PM, DD Donny Lie
<deod...@gmail.com <mailto:deod...@gmail.com>> wrote:
*From CentOS 7 (scap workbench) *
*to target (CentOS 7) installed latest openscap-scanner*
*the target is VM guest under ESXi 5.5,*
*
*
15:02:25
info
SCAP Workbench 1.1.4, compiled with Qt 4.8.5, using
OpenSCAP 1.2.14
15:02:54
info
Opened file
'/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml'.
15:04:08
info
Establishing connecting to remote target...
15:04:18
info
Connection established.
15:04:18
info
Checking if oscap is available on remote machine...
15:08:19
error
Failed to locate oscap on remote machine. Please, check
that openscap-scanner is installed on the remote machine.
*Am I missing something? this should be pretty basic
right, but its not working?*
On Fri, Sep 22, 2017 at 2:49 PM, DD Donny Lie
<deod...@gmail.com <mailto:deod...@gmail.com>> wrote:
*Target Machine:*
oscap -V
OpenSCAP command line tool (oscap) 1.2.14
Copyright 2009--2017 Red Hat Inc., Durham, North
Carolina.
==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
==== Capabilities added by auto-loaded plugins ====
No plugins have been auto-loaded...
==== Paths ====
Schema files: /usr/share/openscap/schemas
Default CPE files: /usr/share/openscap/cpe
Probes: /usr/libexec/openscap
On Thu, Sep 21, 2017 at 8:29 PM, DD Donny Lie
<deod...@gmail.com <mailto:deod...@gmail.com>> wrote:
*Here you go my detail:*
Target machine: CentOS 7 (installed
openscap-scanner)
scap-workbench: RHEL 7
connect via internet
root@target-ip at port 60215
port forwarding to 22
*
*
*Diganostics says:*
19:47:55
info
SCAP Workbench 1.1.4, compiled with Qt 4.8.5,
using OpenSCAP 1.2.14
19:48:00
info
Opened file
'/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'.
19:48:37
info
Establishing connecting to remote target...
19:48:46
info
Connection established.
19:48:46
info
Checking if oscap is available on remote machine...
19:48:47
error
*Failed to locate oscap on remote machine.
Please, check that openscap-scanner is installed
on the remote machine.*
*Thanks,*
*Donny Lie*
On Thu, Sep 21, 2017 at 7:44 PM, DD Donny Lie
<deod...@gmail.com <mailto:deod...@gmail.com>>
wrote:
Hello,
I have a CentOS 7 with installed
openscap-scanner
and I use scap-workbench from my laptop with
VM RHEL 7, trying to remote scan the CentOS 7,
It succeed login via SSH but Diagnostics says:
*error
*
*Failed to locate oscap on remote machine.
Please, check that openscap-scanner is
installed on the remote machine.*
Am I missing something?
--
*Donny Lie*
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
