Hi all, I've seen reference to this on this and other lists but no acceptable resolution.
Per documentation, I downloaded and installed the following: openscap-content-1.0.8-1.el6_5.noarch perl-Pod-Escapes-1.04-136.el6.x86_64 openscap-1.0.8-1.el6_5.x86_64 scap-security-guide-0.1-16.el6.noarch openscap-utils-1.0.8-1.el6_5.x86_64 python-lxml-2.2.3-1.1.el6.x86_64 Using the command in the User Guide, after running: oscap xccdf eval --profile stig-rhel6-server-upstream \ --results /tmp/`hostname`-ssg-results.xml \ --report /tmp/`hostname`-ssg-results.html \ --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \ /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml I get valid output for about 225 CCE checks but then error out with: OpenSCAP Error: Conversion of the string "-" to an integer (64 bits) failed: Invalid argument [oval_cmp.c:113] I can confirm this is coming from the check for disabling coredumps in the limits.conf file by having replacing * - core 0 with * hard core 0 which resulted in: OpenSCAP Error: Conversion of the string "hard" to an integer (64 bits) failed: Invalid argument [oval_cmp.c:113] I went back and downloaded the scap-security-guide 0.5 source and compiled/installed. The doc says rhel6-xccdf-scap-security-guide.xml and rhel6-oval-scap-security-guide.xml would be produced from the make but I didn't find any. I did find the ssg xccdf and cpe files from scap-security-guide/RHEL6/dist/content so used those and got: Profile "stig-rhel6-server-upstream" was not found. Re-running again with server and stig-server profiles instead gave: OpenSCAP Error: Selector ID(ensure_logrotate_activated) does not exist in Benchmark. [xccdf_policy.c:1904] after running a few valid checks. Am I missing a step somewhere? Thanks, George Jackson
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
