On 5/9/14, 9:28 AM, Shaw, Ray V CTR USARMY ARL (US) wrote:
Classification: UNCLASSIFIED
Caveats: NONE
I remember that there were issues with the SSG content and RHEL6 (due to SCC
not supporting a sufficient version of...XCCDF? SCAP?). But previously, I
could still use SCC with the SSG content; it would just generate a few more
false positives than using OpenSCAP. Admittedly, it has been a while since
I tried.
Now, when trying SCC 3.1.2, I can't make it run at all. After importing the
zip file (generated from git) and selecting the stig-rhel6-server-upstream
profile, a scan finishes almost immediately with:
The SCAP content stream <ssg-rhel6-> is not applicable to this
platform per the CPE definitions
I've tried on both RHEL6 Workstation and Server, and I've also tried
stripping the <platform> information from the XML files.
I'm attempting this for two reasons, as otherwise I'm perfectly happy
scanning with OpenSCAP. SCC has the ability to run a check on a single rule
at a time, which is useful. Also, I have an inspection soon, and they may
want me to use it.
Through feedback and active dialog with SPAWAR, we wrote a quick "SCC
Usage" guide back in Nov 2013 [1]. Could you give it a skim, and if
you're still having problems, I'll download a copy of the latest SCC and
see if I can duplicate. The existing docs were written against SCC 3.1
RC2, so in theory there should be minimal differences against the GA
release:
http://people.redhat.com/swells/scap-security-guide/docs/User_Guide/tmp/en-US/html-single/#sect-User_Guide-Alt_Tools-SCC
[1]
https://lists.fedorahosted.org/pipermail/scap-security-guide/2013-November/004468.html
_______________________________________________
scap-security-guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
