Yes, because scap_1402.sh is an external script in the same folder as ds.xml file. I (badly) supposed that oscap program would directly call the external file but this is not the case.
How can I pack my script in ds.xml file, is there some resource than can explain ? 2018-04-25 14:05 GMT+02:00 Šimon Lukašík <[email protected]>: > On 04/25/2018 10:24 AM, Raymond Mercier wrote: > > Hi Simon > > > > I updated, the error message is different (but still present) > > > > xml file: > > <ns10:Rule id="xccdf_1_rule_1402" selected="true" > > severity="medium"> > > <ns10:title>selinux</ns10:title> > > <ns10:description>Checks if you have SELinux > > enabled</ns10:description> > > <ns10:check system="http://open-scap.org/page/SCE";> > > <ns10:check-import import-name="stdout" /> > > <ns10:check-content-ref href="scap_1402.sh" /> > > </ns10:check> > > </ns10:Rule> > > > > output: > > [root]# oscap xccdf eval --profile xccdf_1_profile_1 rm-ds.xml > > Title selinux > > Rule xccdf_1_rule_1402 > > Result notchecked > > > > OpenSCAP Error: SCE couldn't find script file 'scap_1402.sh'. Expected > > location: '/tmp/oscap.3sSrgD/scap_1402.sh'. [sce_engine.c:387] > > > > I couldn't find the SCE script in your datastream as well. > > OpenSCAP just unpacks the Datastream XML into tmp dir like > /tmp/oscap.3sSrgD/ and executes the scan. There is no scap_1402.sh in > the xml you provided. > > Best, > ~š. > > > Same kind of error message if I set absolute path /root/scap_1402.sh > > > > Thank you for help > > Raymond > > > > > > 2018-04-25 10:12 GMT+02:00 Šimon Lukašík <[email protected] > > <mailto:[email protected]>>: > > > > On 04/25/2018 09:47 AM, Raymond Mercier wrote: > > > <ns10:Rule id="xccdf_1_rule_1402" > > selected="true" severity="medium"> > > > <ns10:title>selinux</ns10: > title> > > > <ns10:description>Checks if > > you have SELinux enabled</ns10:description> > > > <ns10:check > > system="http://wordpress-www-open-scap-org.b9ad.pro-us- > east-1.openshiftapps.com/page/SCE > > <http://wordpress-www-open-scap-org.b9ad.pro-us-east-1. > openshiftapps.com/page/SCE>"> > > > > This check/system doesn't feel right. :) > > > > The usage at https://www.open-scap.org/features/other-standards/sce/ > > <https://www.open-scap.org/features/other-standards/sce/> say > > we should use http://open-scap.org/page/SCE instead. > > > > Audit, Fix and Be Merry, > > ~š. > > > > > > > <ns10:check-import > > import-name="stdout" /> > > > > > <ns10:check-content-ref href="scap_1402.sh" /> > > > </ns10:check> > > > </ns10:Rule> > > > > > > > ~š. >
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
