I believe you're missing the port number (usually 22) and it only accepts source datastreams. From running the command with no arguments:
ยป oscap-ssh No arguments provided. oscap-ssh -- Tool for running oscap over SSH and collecting results. Usage: $ oscap-ssh user@host 22 info INPUT_CONTENT $ oscap-ssh user@host 22 xccdf eval [options] INPUT_CONTENT Only source datastreams are supported as INPUT_CONTENT! ... A command that works (where "scap" is a symlink to ../scap-security-guide/build) is: oscap-ssh sudo user@server 22 xccdf eval \ --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa \ --results-arf /tmp/results-arf.xml \ --report /tmp/results.html \ scap/ssg-rhel7-ds.xml Also, make sure that the profile you're using exists in the data stream you specify. In the SSG build dir I see ssg-ubuntu1404-ds.xml and ssg-ubuntu1604-ds.xml neither of which has a "MAC-3_Sensitive" profile. Hope this helps, =Fen On Wed, Feb 28, 2018 at 9:24 AM, Geoffry Roberts < [email protected]> wrote: > All, > > I tried my first remote. scan and don't understand the result. > > I ran the following, which is almost a cut and past from the manual: > > oscap-ssh root@<host> xccdf eval --profile MAC-3_Sensitive --report > report.html /U_Canonical_Ubuntu_V1R1_STIG/U_Canonical_Ubuntu_V1R1_ > Manual_STIG/U_Canonical_Ubuntu_STIG_V1R1_Manual-xccdf.xml > > This is the result: > This script only supports '-h', '--help', '--v', '--version', 'info', > 'xccdf eval', 'oval eval' and 'oval collect'. > > What does it mean? I am using the supported xccdd eval. The xccdd file > comes from DISA. > > Thanks in advance > > _______________________________________________ > Open-scap-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/open-scap-list >
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
