Classification: UNCLASSIFIED
Caveats: NONE

> -----Original Message-----
> From: Jan Lieskovsky [mailto:[email protected]]
> Sent: Friday, May 09, 2014 9:45 AM
> To: Shaw, Ray V CTR USARMY ARL (US)
> Cc: SCAP Security Guide
> Subject: Re: SCC (UNCLASSIFIED)
>
> Hello Ray,
>
> thank you for checking with us.
>
> ----- Original Message -----
> > From: "Ray V CTR USARMY ARL Shaw (US)" <[email protected]>
> > To: [email protected]
> > Sent: Friday, May 9, 2014 3:28:18 PM
> > Subject: SCC (UNCLASSIFIED)
> >
> > Classification: UNCLASSIFIED
> > Caveats: NONE
> >
> > I remember that there were issues with the SSG content and RHEL6 (due
> > to SCC not supporting a sufficient version of...XCCDF? SCAP?). But
> > previously, I could still use SCC with the SSG content; it would just
> > generate a few more false positives than using OpenSCAP. Admittedly,
> > it has been a while since I tried.
> >
> > Now, when trying SCC 3.1.2, I can't make it run at all. After
> > importing the zip file (generated from git) and selecting the
> > stig-rhel6-server-upstream profile, a scan finishes almost
> > immediately with:
> >
> > The SCAP content stream <ssg-rhel6-> is not applicable to this
> > platform per the CPE definitions
> >
> > I've tried on both RHEL6 Workstation and Server, and I've also tried
> > stripping the <platform> information from the XML files.
> >
> > I'm attempting this for two reasons, as otherwise I'm perfectly happy
> > scanning with OpenSCAP. SCC has the ability to run a check on a
> > single rule at a time, which is useful. Also, I have an inspection
> > soon, and they may want me to use it.
>
> Does SCC have a possibility to check just one OVAL definition? If so,
> could you try to run the SCC alternative to the following OpenSCAP
> command and let us know its output?
>
> # oscap oval eval --id oval:ssg:def:100 ssg-rhel6-oval.xml
>
> The oval:ssg:def:100 definition checks if the installed version of the
> OS is RHEL-6 (above evaluation returns true with OpenSCAP on RHEL-6).
>
> So wondering if the not applicable problem can't come from different
> evaluation of this rule. Also, have you tried to explicitly provide
> RHEL-6 CPE file (ssg-rhel6-cpe-dictionary.xml) to SCC? Still the same
> output?

Unfortunately, as far as I can tell, SCC only has an option to evaluate a single XCCDF rule (and then only from the command line). Which is usually what I want! But of course, not right now.

The command you provided returns true with OpenSCAP for me as well.

I don't really see a way to specify ssg-rhel6-cpe-dictionary.xml. Basically, it lets you import SCAP, OVAL, or OCIL content and then do a limited amount of things with that. When I imported the SSG zip as SCAP, it copied all files to its Resources/Content directory, but only really lets me interact with the XCCDF (selecting a stream and running a scan).

I did try to import the OVAL file directly, enable it, and run a scan with it, but I don't think that was an expected thing to do:

[ERROR] Could not find the external variables file for "ssg-rhel6-oval".

I'll have to see if the XML results generated by an OpenSCAP scan work with the "next in line" set of tools (STIG viewer, etc.) I seem to recall that being an issue before, but if it works, then maybe that will be fine. I can live without the ability to run a single XCCDF check (though it would be super great if OpenSCAP had this).

--
Ray Shaw (Contractor, STG)
Army Research Laboratory
CIO, Unix Support

Classification: UNCLASSIFIED
Caveats: NONE
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
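
An added example, not part of the original messages: in SCAP content, each XCCDF `<platform idref>` is looked up in the CPE dictionary, whose `<check>` element names the OVAL inventory definition (such as oval:ssg:def:100) that decides applicability. The sketch below lists that mapping so each definition can be evaluated on its own with `oscap oval eval`; the XML snippets are constructed and the function name `resolve_platforms` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespaces from the XCCDF 1.1 and CPE Dictionary 2.0 schemas.
XCCDF = "{http://checklists.nist.gov/xccdf/1.1}"
CPE = "{http://cpe.mitre.org/dictionary/2.0}"

# Constructed sample documents, trimmed to the elements that matter here.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <platform idref="cpe:/o:redhat:enterprise_linux:6"/>
  <platform idref="cpe:/o:redhat:enterprise_linux:6::client"/>
</Benchmark>"""

SAMPLE_CPE_DICT = """<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0">
  <cpe-item name="cpe:/o:redhat:enterprise_linux:6">
    <title xml:lang="en-us">Red Hat Enterprise Linux 6</title>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"
           href="ssg-rhel6-oval.xml">oval:ssg:def:100</check>
  </cpe-item>
</cpe-list>"""


def resolve_platforms(xccdf_xml, cpe_dict_xml):
    """Map each XCCDF <platform idref> to (oval_file, oval_def_id), or None."""
    checks = {}
    for item in ET.fromstring(cpe_dict_xml).iter(CPE + "cpe-item"):
        check = item.find(CPE + "check")
        if check is not None and check.text:
            checks[item.get("name")] = (check.get("href"), check.text.strip())
    result = {}
    for plat in ET.fromstring(xccdf_xml).iter(XCCDF + "platform"):
        # A platform with no dictionary entry has no OVAL check to evaluate.
        result[plat.get("idref")] = checks.get(plat.get("idref"))
    return result


if __name__ == "__main__":
    resolved = resolve_platforms(SAMPLE_XCCDF, SAMPLE_CPE_DICT)
    for cpe_name, target in resolved.items():
        if target is None:
            print(f"{cpe_name}: no dictionary check, cannot be evaluated")
        else:
            print(f"{cpe_name}: oscap oval eval --id {target[1]} {target[0]}")
```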
