On 8/16/19 4:32 AM, Tim Burress wrote:
> Following up, I find that even the unix.xml fails due to the use of
> 'interim_fix' in tests:
>
>   W: oscap: Unknown OVAL family subtype: interim_fix
>   OpenSCAP Error: Unknown test type oval:org.cisecurity:tst:6710. [oval_test.c:395]
>   Failed to import the OVAL Definitions from 'unix.xml'. [oval_session.c:245]
>
> Looking at the OVAL file it seems that this element appears in 141 tests
> intended for AIX, but there doesn't seem to be an easy way to filter those
> out because of the relationships between tests, definitions, and other
> elements. Is there a good way around that?

A more polite way to accommodate such tests would be for oscap to handle such as a soft error.

That unix.xml file is likely more and less than you want. Try using one of the more specific files appropriate for the operating system to be evaluated.

oscap fails to run if AIX related content is present. The following XSL transform will discard AIX-related content (in unix.xml if you must use that).

    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
        xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
        xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
        xmlns:aix="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix">

        <!-- Replace any definition whose criteria reference an aix:* element id with a comment -->
        <xsl:template match="oval-def:definition[descendant::oval-def:criterion/@test_ref = //aix:*/@id]">
            <xsl:comment><xsl:text>Definition </xsl:text><xsl:value-of select="@id"/><xsl:text> removed</xsl:text></xsl:comment>
        </xsl:template>

        <!-- Replace every element in the AIX namespace (tests, objects, states) with a comment -->
        <xsl:template match="aix:*">
            <xsl:comment><xsl:value-of select="local-name()"/><xsl:text> </xsl:text><xsl:value-of select="@id"/><xsl:text> removed</xsl:text></xsl:comment>
        </xsl:template>

        <!-- Copy everything else through unchanged -->
        <xsl:template match="node()" priority="-1">
            <xsl:copy>
                <xsl:copy-of select="attribute::node()"/>
                <xsl:apply-templates/>
            </xsl:copy>
        </xsl:template>

    </xsl:stylesheet>

The transform is XSLT 1.0 in order to allow xsltproc to be used. Be advised that the transform takes quite a while to process with xsltproc.

    gapinski@nuc7i7bnh:~/OVAL$ time xsltproc --novalid --output test.xml strip.xsl unix.xml

    real 3m15.891s
    user 3m14.355s
    sys 0m0.564s

And when using oscap to evaluate, skip the validation step to save time:

    gapinski@nuc7i7bnh:~/OVAL$ time oscap oval validate test.xml

    real 0m51.636s
    user 0m51.458s
    sys 0m0.104s

    gapinski@nuc7i7bnh:~/OVAL$ time oscap oval eval --skip-valid --report report.html test.xml >/dev/null 2>&1

    real 0m5.757s
    user 0m2.673s
    sys 0m1.571s

Finally, it appears (to me) that the evaluation results are not pleasant. YMMV.

Regards,
Gary
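
Added example (not part of the message above and not OpenSCAP project code): the same filtering done in Python, collecting the AIX ids into a set once and looking each criterion's test_ref up in it, rather than comparing against //aix:*/@id for every definition. The name strip_aix, the SAMPLE document and its oval:example ids are constructed for illustration; unlike the XSLT, removed elements are dropped without leaving a comment behind.

```python
import sys
import xml.etree.ElementTree as ET

OVAL_DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
AIX_TAG = "{" + OVAL_DEF + "#aix}"        # ElementTree spelling of the aix: prefix
DEFINITION = "{" + OVAL_DEF + "}definition"
CRITERION = "{" + OVAL_DEF + "}criterion"

# Constructed sample (not taken from unix.xml): one AIX and one Linux test.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:aix="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix"
    xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
  <definitions>
    <definition id="oval:example:def:1" class="patch" version="1">
      <criteria><criterion test_ref="oval:example:tst:1"/></criteria>
    </definition>
    <definition id="oval:example:def:2" class="patch" version="1">
      <criteria><criterion test_ref="oval:example:tst:2"/></criteria>
    </definition>
  </definitions>
  <tests>
    <aix:interim_fix_test id="oval:example:tst:1" version="1" check="all"/>
    <linux:rpminfo_test id="oval:example:tst:2" version="1" check="all"/>
  </tests>
  <objects><aix:interim_fix_object id="oval:example:obj:1" version="1"/></objects>
</oval_definitions>"""

def strip_aix(root):
    """Drop aix:* elements and the definitions whose criteria reference them.
    Edits the tree in place; returns (removed definition ids, removed aix ids)."""
    aix_ids = {el.get("id") for el in root.iter()
               if el.tag.startswith(AIX_TAG) and el.get("id")}
    removed_defs, removed_aix = [], []
    for section in root:                   # definitions, tests, objects, states, ...
        for child in list(section):        # copy: we remove while iterating
            if child.tag.startswith(AIX_TAG):
                removed_aix.append(child.get("id"))
            elif child.tag == DEFINITION and aix_ids & {
                    c.get("test_ref") for c in child.iter(CRITERION)}:
                removed_defs.append(child.get("id"))
            else:
                continue
            section.remove(child)
    return removed_defs, removed_aix

if __name__ == "__main__":                 # usage: script.py [in.xml [out.xml]]
    src = sys.argv[1] if len(sys.argv) > 1 else None
    tree = ET.parse(src) if src else ET.ElementTree(ET.fromstring(SAMPLE))
    defs, aix = strip_aix(tree.getroot())
    print(f"removed {len(defs)} definitions and {len(aix)} AIX elements")
    if len(sys.argv) > 2:
        tree.write(sys.argv[2], encoding="UTF-8", xml_declaration=True)
```

ElementTree rewrites namespace prefixes and drops existing XML comments on output; the namespaces themselves are preserved.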
