Thanks for your note and especially the code! I looked at the OS-specific files but they seem to be little more than placeholders: many of the ones I looked at don't seem to have any content at all unless it's being pulled in by reference somehow.
The openscap tests have already proven very useful for compliance checking, so I thought it would be good to try the vulnerability class as well. I will try this transform. Thanks very much!

Tim

On 8/17/19 1:07 AM, Gary Gapinski wrote:
> On 8/16/19 4:32 AM, Tim Burress wrote:
>> Following up, I find that even the unix.xml fails due to the use of 'interim_fix' in tests:
>>
>> W: oscap: Unknown OVAL family subtype: interim_fix
>>
>> OpenSCAP Error: Unknown test type oval:org.cisecurity:tst:6710. [oval_test.c:395]
>>
>> Failed to import the OVAL Definitions from 'unix.xml'. [oval_session.c:245]
>>
>> Looking at the OVAL file it seems that this element appears in 141 tests intended for AIX, but there doesn't seem to be an easy way to filter those out because of the relationships between tests, definitions, and other elements. Is there a good way around that?
>
> A more polite way to accommodate such tests would be for oscap to handle such as a soft error.
>
> That unix.xml file is likely more and less than you want. Try using one of the more specific files appropriate for the operating system to be evaluated.
>
> oscap fails to run if AIX related content is present. The following XSL transform will discard AIX-related content (in unix.xml if you must use that).
>
> <?xml version="1.0" encoding="UTF-8"?>
> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
>                 xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
>                 xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
>                 xmlns:aix="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix">
>
>   <!-- Replace any definition whose criteria reference an AIX test with a
>        comment. The predicate compares the definition's test_refs against the
>        ids of every aix:* element in the document, and it is evaluated once per
>        definition; this is the expensive part of the transform. -->
>   <xsl:template match="oval-def:definition[descendant::oval-def:criterion/@test_ref = //aix:*/@id]">
>     <xsl:comment><xsl:text>Definition </xsl:text><xsl:value-of select="@id"/><xsl:text> removed</xsl:text></xsl:comment>
>   </xsl:template>
>
>   <!-- Replace every element in the AIX component namespace (tests, objects,
>        states) with a comment naming what was dropped. -->
>   <xsl:template match="aix:*">
>     <xsl:comment><xsl:value-of select="local-name()"/><xsl:text> </xsl:text><xsl:value-of select="@id"/><xsl:text> removed</xsl:text></xsl:comment>
>   </xsl:template>
>
>   <!-- Identity copy for everything else; priority -1 so the two templates
>        above always win. -->
>   <xsl:template match="node()" priority="-1">
>     <xsl:copy>
>       <xsl:copy-of select="attribute::node()"/>
>       <xsl:apply-templates/>
>     </xsl:copy>
>   </xsl:template>
>
> </xsl:stylesheet>
>
> The transform is XSLT 1.0 in order to allow xsltproc to be used. Be advised that the transform takes quite a while to process with xsltproc.
>
> gapinski@nuc7i7bnh:~/OVAL$ time xsltproc --novalid --output test.xml strip.xsl unix.xml
>
> real 3m15.891s
> user 3m14.355s
> sys 0m0.564s
>
> And when using oscap to evaluate, skip the validation step to save time:
>
> gapinski@nuc7i7bnh:~/OVAL$ time oscap oval validate test.xml
>
> real 0m51.636s
> user 0m51.458s
> sys 0m0.104s
>
> gapinski@nuc7i7bnh:~/OVAL$ time oscap oval eval --skip-valid --report report.html test.xml >/dev/null 2>&1
>
> real 0m5.757s
> user 0m2.673s
> sys 0m1.571s
>
> Finally, it appears (to me) that the evaluation results are not pleasant. YMMV.
>
> Regards,
>
> Gary

_______________________________________________
Open-scap-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/open-scap-list
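A stand-alone filter for the same problem, added here as an example; it is not Gary's transform and not OpenSCAP or CIS code. It removes the AIX component namespace the way the XSLT does, but collects the removed ids once instead of rescanning `//aix:*/@id` for every definition, and it additionally drops definitions that only reach removed content through `extend_definition`, iterating until nothing more changes, which is where the relationships between tests, definitions and other elements that Tim mentions bite. The OVAL document and every id in it are constructed for the example (`oval:example:...`); the `dangling_refs` check at the end is the sanity test worth running on the stripped file before `oscap oval eval`.

```python
"""Strip one platform's OVAL component content (here AIX) from a combined
file such as unix.xml so oscap can import the rest.

Added example, not part of OpenSCAP, the CIS feed, or the XSLT in the thread.
SAMPLE_OVAL below is a constructed document with made-up ids.
"""
import xml.etree.ElementTree as ET

OVAL_DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
ET.register_namespace("oval-def", OVAL_DEF)
ET.register_namespace("unix", OVAL_DEF + "#unix")
ET.register_namespace("aix", OVAL_DEF + "#aix")


def _q(local):
    """Clark-notation name in the core oval-definitions namespace."""
    return "{%s}%s" % (OVAL_DEF, local)


def strip_platform(xml_text, platform="aix", follow_extends=True):
    """Return (cleaned_xml, report).

    Removes every element in the platform's component namespace (tests,
    objects, states) and every definition whose criteria reference a removed
    test. With follow_extends, definitions that extend a removed definition
    are removed as well, repeating until a fixed point is reached.
    """
    plat_prefix = "{%s#%s}" % (OVAL_DEF, platform)
    root = ET.fromstring(xml_text)

    # Step 1: the XSLT's match="aix:*" template, as one pass with an id set.
    removed_ids = set()
    doomed = [(parent, child) for parent in root.iter()
              for child in list(parent) if child.tag.startswith(plat_prefix)]
    for parent, child in doomed:
        if child.get("id"):          # aix:object/aix:state children carry no id
            removed_ids.add(child.get("id"))
        parent.remove(child)

    # Step 2: a definition may only become removable after the definition it
    # extends has gone, so loop until a pass removes nothing.
    removed_defs = set()
    definitions = root.find(_q("definitions"))
    changed = definitions is not None
    while changed:
        changed = False
        for d in list(definitions):
            test_refs = {c.get("test_ref") for c in d.iter(_q("criterion"))}
            ext_refs = {e.get("definition_ref") for e in d.iter(_q("extend_definition"))}
            if test_refs & removed_ids or (follow_extends and ext_refs & removed_defs):
                removed_defs.add(d.get("id"))
                definitions.remove(d)
                changed = True

    report = {"removed_platform_ids": sorted(removed_ids),
              "removed_definition_ids": sorted(removed_defs)}
    return ET.tostring(root, encoding="unicode"), report


def dangling_refs(xml_text):
    """Ids referenced by *_ref attributes that no element in the document
    carries. Run this on the stripped file before handing it to oscap."""
    root = ET.fromstring(xml_text)
    ids = {e.get("id") for e in root.iter() if e.get("id")}
    refs = {e.get(a) for e in root.iter()
            for a in ("test_ref", "definition_ref", "object_ref", "state_ref", "var_ref")
            if e.get(a)}
    return refs - ids


# Constructed sample: def:2 uses an AIX test directly, def:3 extends def:2,
# def:4 (listed before def:3) extends def:3. Only def:1 should survive.
SAMPLE_OVAL = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
    xmlns:aix="http://oval.mitre.org/XMLSchema/oval-definitions-5#aix">
  <definitions>
    <definition id="oval:example:def:1" version="1" class="vulnerability">
      <criteria><criterion test_ref="oval:example:tst:1" comment="unix file"/></criteria></definition>
    <definition id="oval:example:def:4" version="1" class="vulnerability">
      <criteria><extend_definition definition_ref="oval:example:def:3" comment="chain"/></criteria></definition>
    <definition id="oval:example:def:2" version="1" class="vulnerability">
      <criteria><criterion test_ref="oval:example:tst:2" comment="AIX interim fix"/></criteria></definition>
    <definition id="oval:example:def:3" version="1" class="vulnerability">
      <criteria operator="OR"><criterion test_ref="oval:example:tst:1" comment="unix file"/>
        <extend_definition definition_ref="oval:example:def:2" comment="needs AIX"/></criteria></definition>
  </definitions>
  <tests>
    <unix:file_test id="oval:example:tst:1" version="1" check="all" comment="file">
      <unix:object object_ref="oval:example:obj:1"/></unix:file_test>
    <aix:interim_fix_test id="oval:example:tst:2" version="1" check="all" comment="ifix">
      <aix:object object_ref="oval:example:obj:2"/><aix:state state_ref="oval:example:ste:2"/></aix:interim_fix_test>
  </tests>
  <objects>
    <unix:file_object id="oval:example:obj:1" version="1"><unix:filepath>/etc/passwd</unix:filepath></unix:file_object>
    <aix:interim_fix_object id="oval:example:obj:2" version="1"/>
  </objects>
  <states><aix:interim_fix_state id="oval:example:ste:2" version="1"/></states>
</oval_definitions>
"""

if __name__ == "__main__":
    cleaned, report = strip_platform(SAMPLE_OVAL)
    print(report)
    print("dangling:", dangling_refs(cleaned) or "none")
```

With `follow_extends=False` the filter behaves like the XSLT's definition template alone: def:3 keeps its `extend_definition` pointing at the removed def:2, and `dangling_refs` reports exactly that id, which is the kind of reference oscap will trip over at import time.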
