Hello Shawn, ----- Original Message ----- > From: "Shawn Wells" <[email protected]> > To: [email protected] > Sent: Tuesday, May 13, 2014 10:15:13 PM > Subject: Re: SCC (UNCLASSIFIED) > > > On 5/13/14, 8:20 AM, Shaw, Ray V CTR USARMY ARL (US) wrote: > > Classification: UNCLASSIFIED > > Caveats: NONE > > > > Unfortunately, I'm not aware of a way to do that. You just get to select > > your > > XCCDF and the stream you want, and SCC kind of does its thing (or doesn't, > > in > > this case); the other files aren't specified explicitly as they are with > > OpenSCAP. It just has them all and decides what to do with them. I tried > > moving the cpe-oval file out of /opt/scc/Resources/Content, but then it > > just > > complained, used its generic CPE dictionary, and failed anyway. > > > > I also tried loading ssg-rhel6-oval.xml as OVAL content, and running a scan > > that way, but that comes up with: > > > > [ERROR] Could not find the external variables file for "ssg-rhel6-oval". > > > > And yes, definitely running RHEL :p I've tried it on a few different > > systems, > > both Workstation and Server. > > Strange. The SCC guys and I traded EMails last night, they're sending > over the latest SCC build. The SSG community has a good relationship > with that team, many even beta test their releases, making this odd. > Will ping the list once I've the latest version downloaded (hopefully > today).
If it's not a business secret would it be possible to document the way, how such beta release SCC build can be obtained? Even informally (to be read as - mail this email contact with justification / reasoning [referencing particular SSG mailing list use case] why you need access to the software) would be sufficient. The sole motivation behind this request being it's not the first time there's is some SCC issue with SSG content reported (SCC behaving differently than OpenSCAP) and I think it would only help to improve the maturity (of both?) of the projects we to be directly able to test / experience the issues our users are experiencing (we to be able more quickly to identify potential reasons & fix them where / if necessary). Have searched further in the past, how SCC can be obtained, but from the page: [1] http://www.public.navy.mil/spawar/Atlantic/ProductsServices/Pages/SCAP.aspx to be able to download that software you need to belong in one of the following groups: * Department of Defence (DoD) user with valid Common Access Card (CAC) id, * Non-DOD - US Government Employee or contractor, There's also alternate method (if you don't fall in none of the above groups), it's possible to request access via [email protected] email address providing the following justification: 1) US Federal agency you are supporting 2) Government POC with .gov or .mil email address or Contract Number but since I didn't find a way how either of the three can be achieved (is this documented somewhere on SSG's wiki?) gave up on following SCC error / bug reports from our customers, since it's hard to identify the reason / source of the problem, when you aren't able to download / try the software in question. I think there might be more people on this mailing list able to offer their help into investigating such bug reports / use cases, but just due to the limitation not having access to the tool (and even not being able in transparent way to obtain it), not investing their time in these cases further (which doesn't help neither of the two projects). Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team > > > _______________________________________________ > scap-security-guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
