Martin, I was able to run xccdf and oscan after editing the eap5-xccdf.xml file. I did comment out all '<platform idref="cpe:/a:redhat..' lines (5 lines in total).
java -jar xccdfexec.jar -result bla.xml --report bla.html --profile eap5_full -c eap5-cpe-oval.xml -C eap5-cpe-dictionary.xl -P eap5_full Did run and asked me a lot's of questions. The same questions as can be found in the JBossEAP5_Guide.html document. Based on my answers it generated a few xml files. But am I mistaken or doesn't xccdfexec cheeck anything? Oscap did check some things by it self (by inspecting jboss xml files I supose). I run it with the following options: oscap xccdf eval --results bla.xml --report bla.html --profile eap5-full -cpe eap5-cpe-dictionary.xml eap5-xccdf.xml It generated the bla.html file and most of the checks were done. Previously I did check the Jboss by hand and I think oscap is not very meticulous. Some checks did get the passed status and I'm sure it should have failed. Any comments on this/ I'm very unexperienced with xccdfexec and oscan and maybe I'm not using these tools correctly. regards, Ivan On Tue, Apr 22, 2014 at 12:32 PM, Ivan Saez Scheihing < [email protected]> wrote: > Martin, > > Okay. thanks. I'll give it a try and let you know if it works. > > regards, > > Ivan > > > > > On Tue, Apr 22, 2014 at 12:30 PM, Martin Preisler <[email protected]>wrote: > >> ----- Original Message ----- >> > From: "Ivan Saez Scheihing" <[email protected]> >> > To: "CAP Security Guide" <[email protected]> >> > Sent: Sunday, April 20, 2014 1:51:59 PM >> > Subject: oscap & jboss on Fedora >> > >> > Hi, >> > >> > I'n new to oscap/xccdf and am trying unleash it on a Jboss 5 >> installation >> > (Jboss EAP 5 (5.1.2)). The original jboss installation runs on a RedHat >> 6 >> > server but I'm not allowed to install software on that server. I've >> copied >> > the Jboss installation on a Fedora server and when I try to use xccdf I >> get >> > the following error: >> > !! The target checklist is not applicable to this platform. aborting.... >> > I'm not sure if it's refering to Fedora or Jboss. Any ideas? >> > The when I try oscap >> > oscap xccdf evel --results bla.xml --report bla.html --profile eap5_full >> > --cpe eap5-cpe-dictionary.xml eap5-xccdf.xml >> > >> > I get lot's of "not applicable" messages and the bla.html contains no >> > meaningfull information. >> >> If you insist on running it on this platform combination you need to >> remove all the <platform>..</platform> elements from the XCCDF. >> >> -- >> Martin Preisler >> _______________________________________________ >> scap-security-guide mailing list >> [email protected] >> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide >> > >
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
