Re: [Open-scap] Not able to make SCE script working

Wed, 25 Apr 2018 05:06:58 -0700 

On 04/25/2018 10:24 AM, Raymond Mercier wrote:
> Hi Simon
> 
> I updated, the error message is different (but still present)
> 
> xml file:
>             <ns10:Rule id="xccdf_1_rule_1402" selected="true"
> severity="medium">
>                <ns10:title>selinux</ns10:title>
>                <ns10:description>Checks if you have SELinux
> enabled</ns10:description>
>                   <ns10:check system="http://open-scap.org/page/SCE";>
>                      <ns10:check-import import-name="stdout" />
>                      <ns10:check-content-ref href="scap_1402.sh" />
>                   </ns10:check>
>             </ns10:Rule>
> 
> output:
> [root]# oscap xccdf eval --profile xccdf_1_profile_1  rm-ds.xml
> Title   selinux
> Rule    xccdf_1_rule_1402
> Result  notchecked
> 
> OpenSCAP Error: SCE couldn't find script file 'scap_1402.sh'. Expected
> location: '/tmp/oscap.3sSrgD/scap_1402.sh'. [sce_engine.c:387]
> 

I couldn't find the SCE script in your datastream as well.

OpenSCAP just unpacks the Datastream XML into tmp dir like
/tmp/oscap.3sSrgD/ and executes the scan. There is no scap_1402.sh in
the xml you provided.

Best,
~š.

> Same kind of error message if I set absolute path /root/scap_1402.sh
> 
> Thank you for help
> Raymond
> 
> 
> 2018-04-25 10:12 GMT+02:00 Šimon Lukašík <[email protected]
> <mailto:[email protected]>>:
> 
>     On 04/25/2018 09:47 AM, Raymond Mercier wrote:
>     >                             <ns10:Rule id="xccdf_1_rule_1402"
>     selected="true" severity="medium">
>     >                                     <ns10:title>selinux</ns10:title>
>     >                                     <ns10:description>Checks if
>     you have SELinux enabled</ns10:description>
>     >                                     <ns10:check
>     
> system="http://wordpress-www-open-scap-org.b9ad.pro-us-east-1.openshiftapps.com/page/SCE
>     
> <http://wordpress-www-open-scap-org.b9ad.pro-us-east-1.openshiftapps.com/page/SCE>">
> 
>     This check/system doesn't feel right. :)
> 
>     The usage at https://www.open-scap.org/features/other-standards/sce/
>     <https://www.open-scap.org/features/other-standards/sce/> say
>     we should use http://open-scap.org/page/SCE instead.
> 
>     Audit, Fix and Be Merry,
>     ~š.
> 
> 
>     >                                             <ns10:check-import
>     import-name="stdout" />
>     >                                           
>      <ns10:check-content-ref href="scap_1402.sh" />
>     >                                     </ns10:check>
>     >                             </ns10:Rule>
> 
> 


~š.

_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to