Ah, good to know. Thanks!

On Thu, Aug 15, 2019 at 7:51 AM William Munyan <[email protected]> wrote:

> Those extensions are only in the CIS benchmark content and not part of the
> OVAL repository. I plan on taking a look at the specific content mentioned
> in the thread to see what I can see.
>
> Cheers
> Bill M (CIS)
>
> On Thu, Aug 15, 2019 at 7:49 AM -0400, "Trevor Vaughan" <
> [email protected]> wrote:
>
>> As far as I know, the CIS materials have non-standard extensions that
>> only their scanner supports.
>>
>> On Wed, Aug 14, 2019 at 11:47 PM Tim <[email protected]> wrote:
>>
>>> Another issue has come up while attempting to scan a Fedora-based system
>>> using the quasi-official OVAL collection at CIS:
>>>
>>> https://oval.cisecurity.org/repository/download/5.11.2/all/oval.xml.zip
>>>
>>> After extracting the XML and using a command such as:
>>>
>>>   oscap oval eval --report report.html --results results.xml --fetch-remote-resources oval.xml
>>>
>>> the oscap utility spends about an hour and a half parsing the 213MB of
>>> data, then says in the end that the definitions are invalid and so
>>> refuses to do the scan.
>>>
>>> When I use --fetch-remote-resources, the following message is repeated
>>> 158 times. Alas the code apparently does not contemplate OVAL files with
>>> more than 65535 lines, so the line numbers are all the same (the actual
>>> number of lines is about 3 million):
>>>
>>> File 'oval.xml' line 65535: Element
>>> '{http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe}version_string':
>>> This element is not expected. Expected is one of (
>>> {http://www.w3.org/2000/09/xmldsig#}Signature,
>>> {http://oval.mitre.org/XMLSchema/oval-common-5}notes,
>>> {http://oval.mitre.org/XMLSchema/oval-definitions-5}notes,
>>> {http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe}platform,
>>> {http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe}rp,
>>> {http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe}pkg,
>>> {http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe}major_release,
>>> {http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe}release,
>>> {http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe}rebuild,
>>> {http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe}ios_release ).
>>>
>>> If I omit --fetch-remote-resources, there are a few different errors,
>>> but I guess those don't matter so much?
>>>
>>> So... what to do? Adding --skip-valid to the command doesn't seem like a
>>> solution. If I do that the scan fails almost immediately with:
>>>
>>> W: oscap: Unknown OVAL family subtype: interim_fix
>>> OpenSCAP Error: Unknown test type oval:org.cisecurity:tst:6710.
>>> [/builddir/build/BUILD/openscap-1.3.1/src/OVAL/oval_test.c:395]
>>> Failed to import the OVAL Definitions from 'oval.xml'.
>>> [/builddir/build/BUILD/openscap-1.3.1/src/OVAL/oval_session.c:248]
>>>
>>> Are there some additional definitions that need to be pulled in somehow?
>>>
>>> Thanks!
>>>
>>> _______________________________________________
>>> Open-scap-list mailing list
>>> [email protected]
>>> https://www.redhat.com/mailman/listinfo/open-scap-list
>>
>> --
>> Trevor Vaughan
>> Vice President, Onyx Point, Inc
>> (410) 541-6699 x788
>>
>> -- This account not approved for unencrypted proprietary information --

--
Trevor Vaughan
Vice President, Onyx Point, Inc
(410) 541-6699 x788

-- This account not approved for unencrypted proprietary information --
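The validation errors quoted above name elements in the `oval-definitions-5#iosxe` namespace. As an added example (not from the thread or from OpenSCAP), the script below streams an OVAL definitions file and counts tests, objects and states per family namespace, so you can see what a combined file contains before scanning with it. The sample document, its IDs and the `wanted` set are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
from collections import Counter

OVAL_DEFS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
SECTIONS = {"{%s}%s" % (OVAL_DEFS, s) for s in ("tests", "objects", "states")}

# Constructed sample, standing in for a multi-platform oval.xml.
SAMPLE = b"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <tests>
    <rpminfo_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" id="oval:example:tst:1"/>
    <version_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe" id="oval:example:tst:2"/>
  </tests>
  <states>
    <version_state xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe" id="oval:example:ste:2">
      <version_string>16.9.1</version_string>
    </version_state>
  </states>
</oval_definitions>"""

def family_inventory(source):
    """Count tests/objects/states per OVAL family without building the full tree.

    The family is the fragment after '#' in the element's namespace, so
    '...oval-definitions-5#iosxe' is reported as 'iosxe'.
    """
    counts = Counter()
    open_tags = []  # tags of the elements currently open, root first
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if event == "start":
            open_tags.append(elem.tag)
            continue
        open_tags.pop()
        # Direct children of <tests>, <objects> or <states> carry the family.
        if len(open_tags) == 2 and open_tags[1] in SECTIONS:
            ns = elem.tag[1:].partition("}")[0] if elem.tag.startswith("{") else ""
            counts[ns.partition("#")[2] or "(core)"] += 1
            elem.clear()  # free the finished subtree; matters on a 213MB file
    return counts

def outside(counts, wanted):
    """Families present in the file but not in the caller's wanted set."""
    return {fam: n for fam, n in counts.items() if fam not in wanted}

if __name__ == "__main__":
    found = family_inventory(io.BytesIO(SAMPLE))
    print(dict(found))
    # Assumption: families of interest for a Fedora host.
    print(outside(found, {"independent", "linux", "unix"}))
```

`family_inventory` also accepts a file path, so it can be pointed at the extracted `oval.xml` directly.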
