Hi Bill,
I installed by using apt-get and I did not compile the code. And it did
not put the /usr/share/openscap/cpe/openscap-cpe-dict.xml and
openscap-cpe-oval.xml files at all. That's why I was looking for them
with Ububtu 18 in it. I just looked at the dict and oval file sin the link
Jan sent and they don't have any references to Ububtu like you mentioned.
while waiting on this to get worked out I have installed/setup a RHEL 7.6
server. It has these files and worked without any issues pretty much as
soon as I got it installed. The Ubuntu software is much more difficult to
get operational. How would I go about getting those version 8 dict and
oval files to test with?
Thanks,
Todd M. Williams
Unix System Admin, devIT-US,
AIX/Linux/CC/CQ/SPoRT/DB2
Phone: 772-257-5706 | Mobile: 772-925-2042
E-Mail: [email protected]
devIT
From: "Boucher, William" <[email protected]>
To: Jan Cerny <[email protected]>, Todd Williams
<[email protected]>, "[email protected]" <[email protected]>
Cc: Open-scap-list <[email protected]>
Date: 02/04/2019 11:16 AM
Subject: RE: Ubuntu Security Guide content
Hi Todd and Jan,
Please excuse me, I do not intend to hijack Jan's thread but I believe the
following may be related enough to be helpful.
These OpenSCAP CPE files exist on my system
at /usr/local/share/openscap/cpe/, after compiling openscap from source on
my machine. But neither they nor the versions available via the links
provided below have any references to Ubuntu in them. Browsing through the
files I see, for example, sections in the xml files for various flavors of
rhel, opensuse, fedora, etc. but Ubuntu is not there.
Compiling the ssg from source (at /usr/local/src/ComplianceAsCode/content/)
does put Ubuntu-specific cpe files {ssg-ubuntu1604-cpe-dictionary.xml,
ssg-ubuntu1604-cpe-oval.xml, ssg-ubuntu1804-cpe-dictionary.xml,
ssg-ubuntu1804-cpe-oval.xml} in /usr/local/share/xml/scap/ssg/content, as
well as similarly named ds, ocil, oval and xccdf files.
Running scap using these files, however, with the command:
sudo oscap xccdf eval –profile standard –results-arf ./results-arf.xml
–report ./report-ds.html
–results ./results-ds.xml
/usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml
results in 15 rules passed, 6 inconclusive (unknown) and 24 notapplicable.
The notapplicable rules (ignored by oscap) seem to refer to the STIG
controls I would consider the most applicable for evaluation.
Since my install is Ubuntu 16.04.5, not Ubuntu 18, I would be interested to
see the results Todd Williams would get running this on his install. In an
earlier thread (Benchmark for Canonical Ubuntu 16.04 LTS), Gary did get
similar results with Ubuntu 18 and stated "Determining why rules end up
notapplicable, or seem to be skipped during evaluation, will require
additional inspection, as will evaluating the veracity of the passes and
fails".
Is anybody looking at this on the development side (determining why rules
end up nonapplicable)?
Thanks,
--Bill
William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
4900 Lang Ave. NE, Suite 100
Albuquerque, NM 87109-9708
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
[email protected]
-----Original Message-----
From: [email protected] [
mailto:[email protected]] On Behalf Of Jan Cerny
Sent: Monday, February 4, 2019 2:01 AM
To: Todd Williams <[email protected]>
Cc: Open-scap-list <[email protected]>
Subject: Re: [Open-scap] Ubuntu Security Guide content
Hi,
You're correct it's missing CPE dictionary and CPE OVAL.
The files are located here:
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_OpenSCAP_openscap_blob_maint-2D1.2_cpe_openscap-2Dcpe-2Ddict.xml&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=Z4sUeu_Kart8jB_BGe4QPt9ZzTZn4Z1PozLnRay3Xks&s=aAJgbbf7PAvRcqrA86m4_hgOHHkU4eTvZP_I81Moyxg&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_OpenSCAP_openscap_blob_maint-2D1.2_cpe_openscap-2Dcpe-2Doval.xml&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=Z4sUeu_Kart8jB_BGe4QPt9ZzTZn4Z1PozLnRay3Xks&s=2-w6ssekSlLXgLmtwY5eJU5-NWTpAi__T0fsp5e4iwk&e=
They're list of platform definitions based on which the platform
applicability of SCAP content is determined.
OpenSCAP expect them to be present in '/usr/share/openscap/cpe/'
I'm not an Ubuntu user, so I'm only guessing, but I think that downloading
these files and saving them to '/usr/share/openscap/cpe/' should help.
This is probably a bug in Ubuntu packaging, because it seems Ubuntu doesn't
ship these files in its packages, but they are required by OpenSCAP to work
correctly. You can try to file a bug report on Ubuntu.
Regards
Jan Černý
Security Technologies | Red Hat, Inc.
----- Original Message -----
> From: "Todd Williams" <[email protected]>
> To: "Jan Cerny" <[email protected]>
> Sent: Friday, February 1, 2019 4:35:50 PM
> Subject: Re: [Open-scap] Ubuntu Security Guide content
>
>
> Hi Jan,
>
> So I was able to use ssg-ubuntu1804-ds.xml in scap-workbench on Ubuntu
> 18.4, and I got this error when I ran the scan
>
>
> 14:27:38
> info
> SCAP Workbench 1.1.5, compiled with Qt 4.8.7, using OpenSCAP 1.2.15
>
>
> 14:28:16
> info
> Opened file '/root/scap-security-guide-0.1.42/ssg-ubuntu1804-ds.xml'.
>
>
> 14:28:25
> info
> Querying capabilities...
>
>
> 14:28:25
> info
> Creating temporary files...
>
>
> 14:28:25
> info
> Starting the oscap process...
>
>
> 14:28:25
> info
> Processing...
>
>
> 14:28:30
> error
> The 'oscap' process has written the following content to stderr:
> OpenSCAP
> Error: Unable to open file:
> '/usr/share/openscap/cpe/openscap-cpe-dict.xml'
> [../../../src/source/oscap_source.c:284]
>
>
>
> 14:28:30
> error
> The 'oscap' process has written the following content to stderr:
> Failed to add default CPE to newly created CPE Session.
> [../../../src/CPE/cpe_session.c:58]
>
>
> 14:28:30
> info
> The oscap tool has finished. Reading results...
>
>
> 14:28:30
> info
> Processing has been finished!
>
>
> 14:28:58
> info
> Querying capabilities...
>
>
> 14:28:58
> info
> Creating temporary files...
>
>
> 14:28:58
> info
> Starting the oscap process...
>
>
> 14:28:58
> info
> Processing...
>
>
> 14:29:00
> error
> The 'oscap' process has written the following content to stderr:
> OpenSCAP
> Error: Unable to open file:
> '/usr/share/openscap/cpe/openscap-cpe-dict.xml'
> [../../../src/source/oscap_source.c:284]
>
>
>
> 14:29:00
> error
> The 'oscap' process has written the following content to stderr:
> Failed to add default CPE to newly created CPE Session.
> [../../../src/CPE/cpe_session.c:58]
>
>
> 14:29:00
> info
> The oscap tool has finished. Reading results...
>
>
> 14:29:00
> info
> Processing has been finished!
>
>
> So I went to /usr/share/openscap/cpe and the only file there is the
> README, so I read it and it pointed me to
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__nvd.nist.gov_Products_CPE&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=Z4sUeu_Kart8jB_BGe4QPt9ZzTZn4Z1PozLnRay3Xks&s=GEwkLf9fvI-nhyNPQv8FHmY2LvRw8hM88BQrHep5-Pk&e=
. I found these files there:
> official-cpe-dictionary_v2.3.xml.gz
> official-cpe-dictionary_v2.2.xml.gz
> Can I rename and use 1 of these?
>
> I have it setup and running on RHEL 7.6 and when I look at that dir on
> that system it has 2 files, can I use them?
> openscap-cpe-dict.xml
> openscap-cpe-oval.xml
>
>
> BTW, the setup for RHEL goes much smoother than Ubuntu..
>
>
>
>
> Thanks,
> Todd M. Williams
> Unix System Admin, devIT-US,
> AIX/Linux/CC/CQ/SPoRT/DB2
> Phone: 772-257-5706 | Mobile: 772-925-2042
> E-Mail: [email protected]
> devIT
>
>
>
>
>
>
>
> From: Jan Cerny <[email protected]>
> To: Todd Williams <[email protected]>
> Cc: [email protected]
> Date: 01/31/2019 03:57 AM
> Subject: Re: [Open-scap] Ubuntu Security Guide content
>
>
>
> Hi Todd,
>
> The security content is provided by "ComplianceAsCode" project, which
> was up until recently known as "SCAP Security Guide" or "SSG".
> See
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Compli
> anceAsCode_content&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjva
> J-rrOQD9wYgWK1vlNlqk921f9rTw&m=barf9ggX12ptwUtL39Zr4DrVw-plD8VA-rt4jH2
> TyNY&s=vNHYFU2k7A2CSeZR_c_PoqpDjWzZyFy8U9Hlze2Zwis&e=
>
>
> The security content is packaged in Ubuntu since Ubuntu 18.04 (Bionic
> Beaver).
> The packages are: ssg-base, ssg-debderived, ssg-debian,
> ssg-nondebian, ssg-applications.
>
> However, the packages contain outdated versions of upstream content,
> and AFAIK the content in the packages is applicable to Ubuntu 16.04 an
> 14.04. That is kind of useless on 18.04 :)
>
> Therefore, I suggest downloading the latest upstream release from GitHub:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Compli
> anceAsCode_content_releases_download_v0.1.42_scap-2Dsecurity-2Dguide-2
> D0.1.42.zip&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD
> 9wYgWK1vlNlqk921f9rTw&m=barf9ggX12ptwUtL39Zr4DrVw-plD8VA-rt4jH2TyNY&s=
> GptJ9IxTd3-Np6P-SIHAUZuzbMwBN7Wb8PtIx3KameE&e=
>
> Extract the archive and then open ssg-ubuntu1804-ds.xml in SCAP
Workbench.
>
> Thank you very much for reminding us about the outdated web site. I
> will try to update the web soon.
>
> Best Regards
>
> Jan Černý
> Security Technologies | Red Hat, Inc.
>
>
>
> ----- Original Message -----
> > From: "Todd Williams" <[email protected]>
> > To: [email protected]
> > Sent: Wednesday, January 30, 2019 6:58:40 PM
> > Subject: [Open-scap] Ubuntu Security Guide content
> >
> >
> >
> > Hello,
> >
> > I am new to SCAP and have been tasked with setting it up on a Ubuntu
> > test system. It is running Ubuntu 18.04.1 LTS. I have these 2
> > packages
> installed:
> >
> > libopenscap8/bionic,now 1.2.15-1build1 amd64 [installed]
> > scap-workbench/bionic,now 1.1.5-1 amd64 [installed]
> >
> > I can bring up the GUI for the workbench, but with no security
> > content I
> am
> > stuck as far as being able to run a scan and/or editing the security
> > requirements. According to the web site there is no security guide
> > for Ubuntu.
> >
> >
> >
> > But I have been told that there is a package for Ubuntu out there,
> "apt-get
> > list" did not return anything, can someone tell if there is or not?
> >
> >
> >
> > Thanks,
> > Todd M. Williams
> > Unix System Admin, devIT-US, AIX/Linux/CC/CQ/SPoRT/DB2
> > Phone: 772-257-5706 | Mobile: 772-925-2042
> > E-Mail: [email protected]
> > devIT
> >
> >
> > _______________________________________________
> > Open-scap-list mailing list
> > [email protected]
> >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_ma
> ilman_listinfo_open-2Dscap-2Dlist&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=
> 4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=barf9ggX12ptwUtL39Zr4DrV
> w-plD8VA-rt4jH2TyNY&s=kdZJkE-OdFBK63L1uDxwv2iEG2aif_xR_Ad9o_xmqhQ&e=
>
>
>
>
>
_______________________________________________
Open-scap-list mailing list
[email protected]
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_mailman_listinfo_open-2Dscap-2Dlist&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=Z4sUeu_Kart8jB_BGe4QPt9ZzTZn4Z1PozLnRay3Xks&s=XQuGKItbYCSzsyYOlCDFh89LZ-9wY3L_-PkAngEjPf4&e=
_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list
