I just took a look at OpenSCAP and ComplianceAsCode.
I obtained results that were at variance with yours, and which failed to attain Glorious Victory.
Some comments inline.
On 1/23/19 10:10 AM, Boucher, William wrote:
Using an Ubuntu 18.04 instance as a platform, I obtained, built, and installed https://github.com/OpenSCAP/openscap.
I also obtained and built https://github.com/ComplianceAsCode/content
on the same system.
Using «oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results-arf results-arf.xml --report report.html --results results.xml ssg-ubuntu1804-ds.xml» all results were notapplicable.
I commented out line #10606 (the <platform> designator) in ssg-ubuntu1804-ds.xml and ran the evaluation again. This time some of the rules were evaluated, some passed, some failed, some resulted in error, some were notapplicable (for no apparent reason).
I then ran the same evaluation as root («sudo oscap …»), and obtained passes, fails, and notapplicables, but no errors. The report was at variance with the input data stream with respect to rules selected in the data stream (the profile selects more rules than appear in the eval report — 45 vs 38 respectively).
Note that I am using the data stream (ssg-ubuntu1804-ds.xml)
and not, directly, the related OVAL (ssg-ubuntu1804-oval.xml).
I have a profound antipathy toward OVAL, and prefer to avoid close
I used git head to build the content I used. The data stream
encapsulates the related XCCDF and OVAL documents.
I expect you would obtain similar results on 16.04. Determining
why rules end up notapplicable, or seem to be skipped during
evaluation, will require additional inspection, as will evaluating
the veracity of the passes and fails.
_______________________________________________ Open-scap-list mailing list Openemail@example.com https://www.redhat.com/mailman/listinfo/open-scap-list