Hi Bill,

I installed by using apt-get and I did not compile the code.  And it did
not put the /usr/share/openscap/cpe/openscap-cpe-dict.xml and
openscap-cpe-oval.xml files at all.   That's why I was looking for them
with Ububtu 18 in it.  I just looked at the dict and oval file sin the link
Jan sent and they don't have any references to Ububtu like you mentioned.
while waiting on this to get worked out I have installed/setup a RHEL 7.6
server.  It has these files and worked without any issues pretty much as
soon as I got it installed.  The Ubuntu software is much more difficult to
get operational.   How would I go about getting those version 8 dict and
oval files to test with?



                                                                  
                                                                  
                                                                  
                       Thanks,                                    
                       Todd M. Williams                           
                       Unix System Admin, devIT-US,               
                       AIX/Linux/CC/CQ/SPoRT/DB2                  
                       Phone: 772-257-5706 | Mobile: 772-925-2042 
                       E-Mail: tod...@us.ibm.com                  
                       devIT                                      
                                                                  






From:   "Boucher, William" <william.bouc...@mza.com>
To:     Jan Cerny <jce...@redhat.com>, Todd Williams
            <tod...@us.ibm.com>, "gapin...@nasa.gov" <gapin...@nasa.gov>
Cc:     Open-scap-list <open-scap-list@redhat.com>
Date:   02/04/2019 11:16 AM
Subject:        RE: Ubuntu Security Guide content



Hi Todd and Jan,

Please excuse me, I do not intend to hijack Jan's thread but I believe the
following may be related enough to be helpful.

These OpenSCAP CPE files exist on my system
at /usr/local/share/openscap/cpe/, after compiling openscap from source on
my machine. But neither they nor the versions available via the links
provided below have any references to Ubuntu in them. Browsing through the
files I see, for example, sections in the xml files for various flavors of
rhel, opensuse, fedora, etc. but Ubuntu is not there.

Compiling the ssg from source (at /usr/local/src/ComplianceAsCode/content/)
does put Ubuntu-specific cpe files {ssg-ubuntu1604-cpe-dictionary.xml,
ssg-ubuntu1604-cpe-oval.xml, ssg-ubuntu1804-cpe-dictionary.xml,
ssg-ubuntu1804-cpe-oval.xml} in /usr/local/share/xml/scap/ssg/content, as
well as similarly named ds, ocil, oval and xccdf files.

Running scap using these files, however, with the command:

sudo oscap xccdf eval –profile standard –results-arf ./results-arf.xml
–report ./report-ds.html
–results ./results-ds.xml 
/usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml


results in 15 rules passed, 6 inconclusive (unknown) and 24 notapplicable.
The notapplicable rules (ignored by oscap) seem to refer to the STIG
controls I would consider the most applicable for evaluation.

Since my install is Ubuntu 16.04.5, not Ubuntu 18, I would be interested to
see the results Todd Williams would get running this on his install. In an
earlier thread (Benchmark for Canonical Ubuntu 16.04 LTS), Gary did get
similar results with Ubuntu 18 and stated "Determining why rules end up
notapplicable, or seem to be skipped during evaluation, will require
additional inspection, as will evaluating the veracity of the passes and
fails".

Is anybody looking at this on the development side (determining why rules
end up nonapplicable)?

Thanks,

                 --Bill

William B. Boucher, BSEE
Embedded Systems Software Engineer
Information Systems Security Manager
MZA Associates Corporation
4900 Lang Ave. NE, Suite 100
Albuquerque, NM 87109-9708
Phone: 505.245.9970 x166
Fax: 505.245.9971
Cell: 505.459.7620
william.bouc...@mza.com


-----Original Message-----
From: open-scap-list-boun...@redhat.com [
mailto:open-scap-list-boun...@redhat.com] On Behalf Of Jan Cerny
Sent: Monday, February 4, 2019 2:01 AM
To: Todd Williams <tod...@us.ibm.com>
Cc: Open-scap-list <open-scap-list@redhat.com>
Subject: Re: [Open-scap] Ubuntu Security Guide content

Hi,

You're correct it's missing CPE dictionary and CPE OVAL.
The files are located here:
https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_OpenSCAP_openscap_blob_maint-2D1.2_cpe_openscap-2Dcpe-2Ddict.xml&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=Z4sUeu_Kart8jB_BGe4QPt9ZzTZn4Z1PozLnRay3Xks&s=aAJgbbf7PAvRcqrA86m4_hgOHHkU4eTvZP_I81Moyxg&e=

https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_OpenSCAP_openscap_blob_maint-2D1.2_cpe_openscap-2Dcpe-2Doval.xml&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=Z4sUeu_Kart8jB_BGe4QPt9ZzTZn4Z1PozLnRay3Xks&s=2-w6ssekSlLXgLmtwY5eJU5-NWTpAi__T0fsp5e4iwk&e=

They're list of platform definitions based on which the platform
applicability of SCAP content is determined.
OpenSCAP expect them to be present in '/usr/share/openscap/cpe/'

I'm not an Ubuntu user, so I'm only guessing, but I think that downloading
these files and saving them to '/usr/share/openscap/cpe/' should help.

This is probably a bug in Ubuntu packaging, because it seems Ubuntu doesn't
ship these files in its packages, but they are required by OpenSCAP to work
correctly. You can try to file a bug report on Ubuntu.

Regards

Jan Černý
Security Technologies | Red Hat, Inc.

----- Original Message -----
> From: "Todd Williams" <tod...@us.ibm.com>
> To: "Jan Cerny" <jce...@redhat.com>
> Sent: Friday, February 1, 2019 4:35:50 PM
> Subject: Re: [Open-scap] Ubuntu Security Guide content
>
>
> Hi Jan,
>
> So I was able to use ssg-ubuntu1804-ds.xml in scap-workbench on Ubuntu
> 18.4, and I got this error when I ran the scan
>
>
> 14:27:38
> info
> SCAP Workbench 1.1.5, compiled with Qt 4.8.7, using OpenSCAP 1.2.15
>
>
> 14:28:16
> info
> Opened file '/root/scap-security-guide-0.1.42/ssg-ubuntu1804-ds.xml'.
>
>
> 14:28:25
> info
> Querying capabilities...
>
>
> 14:28:25
> info
> Creating temporary files...
>
>
> 14:28:25
> info
> Starting the oscap process...
>
>
> 14:28:25
> info
> Processing...
>
>
> 14:28:30
> error
> The 'oscap' process has written the following content to stderr:
> OpenSCAP
> Error: Unable to open file:
> '/usr/share/openscap/cpe/openscap-cpe-dict.xml'
> [../../../src/source/oscap_source.c:284]
>
>
>
> 14:28:30
> error
> The 'oscap' process has written the following content to stderr:
> Failed to add default CPE to newly created CPE Session.
> [../../../src/CPE/cpe_session.c:58]
>
>
> 14:28:30
> info
> The oscap tool has finished. Reading results...
>
>
> 14:28:30
> info
> Processing has been finished!
>
>
> 14:28:58
> info
> Querying capabilities...
>
>
> 14:28:58
> info
> Creating temporary files...
>
>
> 14:28:58
> info
> Starting the oscap process...
>
>
> 14:28:58
> info
> Processing...
>
>
> 14:29:00
> error
> The 'oscap' process has written the following content to stderr:
> OpenSCAP
> Error: Unable to open file:
> '/usr/share/openscap/cpe/openscap-cpe-dict.xml'
> [../../../src/source/oscap_source.c:284]
>
>
>
> 14:29:00
> error
> The 'oscap' process has written the following content to stderr:
> Failed to add default CPE to newly created CPE Session.
> [../../../src/CPE/cpe_session.c:58]
>
>
> 14:29:00
> info
> The oscap tool has finished. Reading results...
>
>
> 14:29:00
> info
> Processing has been finished!
>
>
> So I went to /usr/share/openscap/cpe and the only file there is the
> README, so I read it and it pointed me to
>
https://urldefense.proofpoint.com/v2/url?u=https-3A__nvd.nist.gov_Products_CPE&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=Z4sUeu_Kart8jB_BGe4QPt9ZzTZn4Z1PozLnRay3Xks&s=GEwkLf9fvI-nhyNPQv8FHmY2LvRw8hM88BQrHep5-Pk&e=
.  I found these files there:
> official-cpe-dictionary_v2.3.xml.gz
> official-cpe-dictionary_v2.2.xml.gz
> Can I rename and use 1 of these?
>
> I have it setup and running on RHEL 7.6 and when I look at that dir on
> that system it has 2 files, can I use them?
> openscap-cpe-dict.xml
> openscap-cpe-oval.xml
>
>
> BTW, the setup for RHEL goes much smoother than Ubuntu..
>
>
>
>
>                        Thanks,
>                        Todd M. Williams
>                        Unix System Admin, devIT-US,
>                        AIX/Linux/CC/CQ/SPoRT/DB2
>                        Phone: 772-257-5706 | Mobile: 772-925-2042
>                        E-Mail: tod...@us.ibm.com
>                        devIT
>
>
>
>
>
>
>
> From:          Jan Cerny <jce...@redhat.com>
> To:            Todd Williams <tod...@us.ibm.com>
> Cc:            open-scap-list@redhat.com
> Date:          01/31/2019 03:57 AM
> Subject:               Re: [Open-scap] Ubuntu Security Guide content
>
>
>
> Hi Todd,
>
> The security content is provided by "ComplianceAsCode" project, which
> was up until recently known as "SCAP Security Guide" or "SSG".
> See
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Compli
> anceAsCode_content&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjva
> J-rrOQD9wYgWK1vlNlqk921f9rTw&m=barf9ggX12ptwUtL39Zr4DrVw-plD8VA-rt4jH2
> TyNY&s=vNHYFU2k7A2CSeZR_c_PoqpDjWzZyFy8U9Hlze2Zwis&e=
>
>
> The security content is packaged in Ubuntu since Ubuntu 18.04 (Bionic
> Beaver).
> The packages are: ssg-base, ssg-debderived, ssg-debian,
> ssg-nondebian, ssg-applications.
>
> However, the packages contain outdated versions of upstream content,
> and AFAIK the content in the packages is applicable to Ubuntu 16.04 an
> 14.04. That is kind of useless on 18.04 :)
>
> Therefore, I suggest downloading the latest upstream release from GitHub:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_Compli
> anceAsCode_content_releases_download_v0.1.42_scap-2Dsecurity-2Dguide-2
> D0.1.42.zip&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD
> 9wYgWK1vlNlqk921f9rTw&m=barf9ggX12ptwUtL39Zr4DrVw-plD8VA-rt4jH2TyNY&s=
> GptJ9IxTd3-Np6P-SIHAUZuzbMwBN7Wb8PtIx3KameE&e=
>
> Extract the archive and then open ssg-ubuntu1804-ds.xml in SCAP
Workbench.
>
> Thank you very much for reminding us about the outdated web site. I
> will try to update the web soon.
>
> Best Regards
>
> Jan Černý
> Security Technologies | Red Hat, Inc.
>
>
>
> ----- Original Message -----
> > From: "Todd Williams" <tod...@us.ibm.com>
> > To: open-scap-list@redhat.com
> > Sent: Wednesday, January 30, 2019 6:58:40 PM
> > Subject: [Open-scap] Ubuntu Security Guide content
> >
> >
> >
> > Hello,
> >
> > I am new to SCAP and have been tasked with setting it up on a Ubuntu
> > test system. It is running Ubuntu 18.04.1 LTS. I have these 2
> > packages
> installed:
> >
> > libopenscap8/bionic,now 1.2.15-1build1 amd64 [installed]
> > scap-workbench/bionic,now 1.1.5-1 amd64 [installed]
> >
> > I can bring up the GUI for the workbench, but with no security
> > content I
> am
> > stuck as far as being able to run a scan and/or editing the security
> > requirements. According to the web site there is no security guide
> > for Ubuntu.
> >
> >
> >
> > But I have been told that there is a package for Ubuntu out there,
> "apt-get
> > list" did not return anything, can someone tell if there is or not?
> >
> >
> >
> >                               Thanks,
> > Todd M. Williams
> > Unix System Admin, devIT-US, AIX/Linux/CC/CQ/SPoRT/DB2
> > Phone: 772-257-5706 | Mobile: 772-925-2042
> > E-Mail: tod...@us.ibm.com
> > devIT
> >
> >
> > _______________________________________________
> > Open-scap-list mailing list
> > Open-scap-list@redhat.com
> >
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_ma
> ilman_listinfo_open-2Dscap-2Dlist&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=
> 4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=barf9ggX12ptwUtL39Zr4DrV
> w-plD8VA-rt4jH2TyNY&s=kdZJkE-OdFBK63L1uDxwv2iEG2aif_xR_Ad9o_xmqhQ&e=
>
>
>
>
>

_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_mailman_listinfo_open-2Dscap-2Dlist&d=DwIGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=4BwPnN3sPgNQjvaJ-rrOQD9wYgWK1vlNlqk921f9rTw&m=Z4sUeu_Kart8jB_BGe4QPt9ZzTZn4Z1PozLnRay3Xks&s=XQuGKItbYCSzsyYOlCDFh89LZ-9wY3L_-PkAngEjPf4&e=




_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Reply via email to