Hello Team, I am using Ubuntu 16.04.6 LTS and want to use openscap to scan against DISA Stig fie.
File location - wget https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Canonical_Ubuntu_16-04_LTS_V1R3_STIG.zip When I initiate scan "oscap xccdf eval --profile MAC-1_Public U_Canonical_Ubuntu_16-04_LTS_STIG_V1R3_Manual-xccdf.xml" --------> I see result but all checks are *not checked*. Can you someone help me in running this scan successfully ? Thanks in advance. Also the reason why I am failing. Out put I see after executing - "oscap xccdf eval --profile MAC-1_Public U_Canonical_Ubuntu_16-04_LTS_STIG_V1R3_Manual-xccdf.xml" Title *The Ubuntu operating system must be a vendor supported release.* Rule SV-90069r1_rule Ident CCI-001230 Result notchecked *------**not checked* Title *Ubuntu vendor packaged system security patches and updates must be installed and up to date.* Rule SV-90071r5_rule Ident CCI-000366 Result *notchecked. **------**not checked* Title *The Ubuntu operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon.* Rule SV-90073r3_rule Ident CCI-000048 Ident CCI-001384 Ident CCI-001385 Ident CCI-001386 Ident CCI-001387 Ident CCI-001388 Result *notchecked * *------**not checked* - > I was able to download openscap base via apt-get install libopenscap8 - > I visited openscap home page, I tried to download SCAP Security guide via apt install ssg-base ssg-debderived ssg-debian ssg-nondebian ssg-applications *Unable to locate package!* also it description at website says ubuntu 18 + - >Tried to install workbench hoping SSG will get downloaded as dependency via apt-get install scap-workbench But again - *Unable to locate package* (this time it should have worked, website says ubuntu 17 +) *Few detail about Enviroment :- * *oscap -V* OpenSCAP command line tool (oscap) 1.2.8 Copyright 2009--2016 Red Hat Inc., Durham, North Carolina. ==== Supported specifications ==== XCCDF Version: 1.2 OVAL Version: 5.11.1 CPE Version: 2.3 CVSS Version: 2.0 CVE Version: 2.0 Asset Identification Version: 1.1 Asset Reporting Format Version: 1.1 ==== Capabilities added by auto-loaded plugins ==== SCE Version: 1.0 (from libopenscap_sce.so.8) ==== Paths ==== Schema files: /usr/share/openscap/schemas Default CPE files: /usr/share/openscap/cpe Probes: /usr/lib/x86_64-linux-gnu/openscap ==== Inbuilt CPE names ==== Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5 Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6 Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7 Community Enterprise Operating System 5 - cpe:/o:centos:centos:5 Community Enterprise Operating System 6 - cpe:/o:centos:centos:6 Community Enterprise Operating System 7 - cpe:/o:centos:centos:7 Scientific Linux 5 - cpe:/o:scientificlinux:scientificlinux:5 Scientific Linux 6 - cpe:/o:scientificlinux:scientificlinux:6 Scientific Linux 7 - cpe:/o:scientificlinux:scientificlinux:7 Fedora 16 - cpe:/o:fedoraproject:fedora:16 Fedora 17 - cpe:/o:fedoraproject:fedora:17 Fedora 18 - cpe:/o:fedoraproject:fedora:18 Fedora 19 - cpe:/o:fedoraproject:fedora:19 Fedora 20 - cpe:/o:fedoraproject:fedora:20 Fedora 21 - cpe:/o:fedoraproject:fedora:21 Fedora 22 - cpe:/o:fedoraproject:fedora:22 Fedora 23 - cpe:/o:fedoraproject:fedora:23 Fedora 24 - cpe:/o:fedoraproject:fedora:24 SUSE Linux Enterprise all versions - cpe:/o:suse:sle SUSE Linux Enterprise Server 10 - cpe:/o:suse:sles:10 SUSE Linux Enterprise Desktop 10 - cpe:/o:suse:sled:10 SUSE Linux Enterprise Server 11 - cpe:/o:suse:sles:11 SUSE Linux Enterprise Desktop 11 - cpe:/o:suse:sled:11 SUSE Linux Enterprise Server 12 - cpe:/o:suse:sles:12 SUSE Linux Enterprise Desktop 12 - cpe:/o:suse:sled:12 openSUSE 11.4 - cpe:/o:opensuse:opensuse:11.4 openSUSE 13.1 - cpe:/o:opensuse:opensuse:13.1 openSUSE 13.2 - cpe:/o:opensuse:opensuse:13.2 openSUSE All Versions - cpe:/o:opensuse:opensuse Red Hat Enterprise Linux Optional Productivity Applications - cpe:/a:redhat:rhel_productivity Red Hat Enterprise Linux Optional Productivity Applications 5 - cpe:/a:redhat:rhel_productivity:5 *oscap info U_Canonical_Ubuntu_16-04_LTS_STIG_V1R3_Manual-xccdf.xml* Document type: XCCDF Checklist Checklist version: 1.1 Imported: 2019-12-26T06:17:00 Status: accepted Generated: 2019-12-23 Resolved: false Profiles: MAC-1_Classified MAC-1_Public MAC-1_Sensitive MAC-2_Classified MAC-2_Public MAC-2_Sensitive MAC-3_Classified MAC-3_Public MAC-3_Sensitive Referenced check files: DPMS_XCCDF_Benchmark_Canonical_Ubuntu_16-04_LTS.xml system: C-75133r1_chk DPMS_XCCDF_Benchmark_Canonical_Ubuntu_16-04_LTS.xml ............truncated output-------------------- Best Regards, Ravi Rathore +91-9741288815
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
