Hi Peter, Thanks for the explanation. I had finally figured the right options, but only yesterday! Using (from RPM) openscap-0.8.0-2.el6.x86_64, I got different results.
$ oscap xccdf eval --profile common --results ssg-xccdf-results.xml --oval-results rhel6-xccdf-scap-security-guide.xml $ oscap oval validate-xml --results --schematron rhel6-oval-scap-security-guide.xml.result.xml xmlXPathCompOpEval: function exists not found XPath error : Unregistered function xmlXPathCompiledEval: 1 objects left on the stack. Should I re-try with the source build to replicate the issue below? Jeff On 08/28/2012 11:59 AM, Peter Vrabec wrote: > Hi, > > I'd like to clarify how I created > "rhel6-oval-scap-security-guide.xml.result.xml" > > # oscap xccdf eval --profile common --results ssg-xccdf-results.xml > --oval-results ssg/RHEL6/output/rhel6-xccdf-scap-security-guide.xml > > > "--oval-results" option do all the magic. man page: > ... > Generate OVAL Result file for each OVAL session used for evaluation. > File with name 'original-oval-definitions-filename.result.xml' will be > generated for each referenced OVAL file. > ... > > > Peter. > > > > On 08/21/2012 03:54 PM, Peter Vrabec wrote: >> Hi all, >> >> I have found that If I validate OVAL results by schematron rules: >> >> $ oscap oval validate-xml --results --schematron >> rhel6-oval-scap-security-guide.xml.result.xml >> >> I get two types of errors: >> >> oval:scap-security-guide:tst:960 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:tst:959 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:tst:811 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:tst:787 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:tst:786 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:tst:359 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:tst:267 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:tst:221 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:tst:1085 - No state should be referenced when >> check_existence has a value of 'none_exist'. >> oval:scap-security-guide:var:2663 - inconsistent datatype between the >> variable and an associated var_ref >> oval:scap-security-guide:var:2655 - inconsistent datatype between the >> variable and an associated var_ref >> oval:scap-security-guide:var:2651 - inconsistent datatype between the >> variable and an associated var_ref >> oval:scap-security-guide:var:2649 - inconsistent datatype between the >> variable and an associated var_ref >> oval:scap-security-guide:var:2648 - inconsistent datatype between the >> variable and an associated var_ref >> oval:scap-security-guide:var:2644 - inconsistent datatype between the >> variable and an associated var_ref >> oval:scap-security-guide:var:2636 - inconsistent datatype between the >> variable and an associated var_ref >> oval:scap-security-guide:var:2629 - inconsistent datatype between the >> variable and an associated var_ref >> >> >> Peter. >> _______________________________________________ >> scap-security-guide mailing list >> [email protected] >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide -- ___________________________ Jeffrey Blank 410-854-8675 Technology and Systems Analysis / Network Components NSA Information Assurance _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
