Thanks for your note and expecially the code! I looked at the
OS-specific files but they seem to be little more than placeholders:
many of the ones I looked at don't seem to have any content at all
unless it's being pulled in by reference somehow.

The openscap tests have already proven very useful for compliance
checking, so I thought it would be good to try the vulnerability class
as well. I will try this transform. Thanks very much!


On 8/17/19 1:07 AM, Gary Gapinski wrote:
> On 8/16/19 4:32 AM, Tim Burress wrote:
>> Following up, I find that even the unix.xml fails due to the use of
>> 'interim_fix' in tests:
>> W: oscap: Unknown OVAL family subtype: interim_fix
>> OpenSCAP Error: Unknown test type oval:org.cisecurity:tst:6710.
>> [oval_test.c:395]
>> Failed to import the OVAL Definitions from 'unix.xml'. [oval_session.c:245]
>> Looking at the OVAL file it seems that this element appears in 141 tests
>> intended for AIX, but there doesn't seem to be an easy way to filter
>> those out because of the relationships between tests, definitions, and
>> other elements. Is there a good way around that?
> A more polite way to accommodate such tests would be for oscap to handle
> such as a soft error.
> That unix.xml file is likely more and less than you want. Try using one
> of the more specific files appropriate for the operating system to be
> evaluated.
> oscap fails to run if AIX related content is present. The following XSL
> transform will discard AIX-related content (in unix.xml if you must use
> that).
> <?xml version="1.0" encoding="UTF-8"?>
> <xsl:stylesheet xmlns:xsl=""; 
> version="1.0" 
> xmlns:oval-def="";
>     xmlns:oval=""; 
> xmlns:aix="";>
>     <xsl:template 
> match="oval-def:definition[descendant::oval-def:criterion/@test_ref = 
> //aix:*/@id]">
>         <xsl:comment><xsl:text>Definition </xsl:text><xsl:value-of 
> select="@id"/><xsl:text> removed</xsl:text></xsl:comment>
>     </xsl:template>
>     <xsl:template match="aix:*">
>         <xsl:comment><xsl:value-of select="local-name()"/><xsl:text> 
> </xsl:text><xsl:value-of select="@id"/><xsl:text> 
> removed</xsl:text></xsl:comment>
>     </xsl:template>
>     <xsl:template match="node()" priority="-1">
>         <xsl:copy>
>             <xsl:copy-of select="attribute::node()"/>
>             <xsl:apply-templates/>
>         </xsl:copy>
>     </xsl:template>
> </xsl:stylesheet>
> The transform is XSLT 1.0 in order to allow xsltproc to be used. Be
> advised that the transform takes quite a while to process with xsltproc.
> gapinski@nuc7i7bnh:~/OVAL$ time xsltproc --novalid --output test.xml 
> strip.xsl unix.xml
> real  3m15.891s
> user  3m14.355s
> sys   0m0.564s
> And when using oscap to evaluate, skip the validation step to save time:
> gapinski@nuc7i7bnh:~/OVAL$ time oscap oval validate test.xml
> real  0m51.636s
> user  0m51.458s
> sys   0m0.104s
> gapinski@nuc7i7bnh:~/OVAL$ time oscap oval eval --skip-valid --report 
> report.html test.xml >/dev/null 2>&1
> real  0m5.757s
> user  0m2.673s
> sys   0m1.571s
> Finally, it appears (to me) that the evaluation results are not
> pleasant. YMMV.
> Regards,
> Gary

Open-scap-list mailing list

Reply via email to