Hi Andrew, Thanks for the info. I'll download/compile the openscap source from git and use that instead.
Thanks again, George Jackson -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Gilmore Sent: Friday, May 23, 2014 2:11 PM To: SCAP Security Guide Subject: Re: OpenSCAP Error: Conversion of the string "-" to an integer (64 bits) failed: Invalid argument [oval_cmp.c:113] George, This is a bug in the pattern matching code for this check that has recently been fixed. I'm not sure on the timeline for getting that fix into the rpms. On Fri, May 23, 2014 at 12:51 PM, Jackson, George C III CTR DISA PEO-MA (US) <[email protected]> wrote: Hi all, I've seen reference to this on this and other lists but no acceptable resolution. Per documentation, I downloaded and installed the following: openscap-content-1.0.8-1.el6_5.noarch perl-Pod-Escapes-1.04-136.el6.x86_64 openscap-1.0.8-1.el6_5.x86_64 scap-security-guide-0.1-16.el6.noarch openscap-utils-1.0.8-1.el6_5.x86_64 python-lxml-2.2.3-1.1.el6.x86_64 Using the command in the User Guide, after running: oscap xccdf eval --profile stig-rhel6-server-upstream \ --results /tmp/`hostname`-ssg-results.xml \ --report /tmp/`hostname`-ssg-results.html \ --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \ /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml I get valid output for about 225 CCE checks but then error out with: OpenSCAP Error: Conversion of the string "-" to an integer (64 bits) failed: Invalid argument [oval_cmp.c:113] I can confirm this is coming from the check for disabling coredumps in the limits.conf file by having replacing * - core 0 with * hard core 0 which resulted in: OpenSCAP Error: Conversion of the string "hard" to an integer (64 bits) failed: Invalid argument [oval_cmp.c:113] I went back and downloaded the scap-security-guide 0.5 source and compiled/installed. The doc says rhel6-xccdf-scap-security-guide.xml and rhel6-oval-scap-security-guide.xml would be produced from the make but I didn't find any. I did find the ssg xccdf and cpe files from scap-security-guide/RHEL6/dist/content so used those and got: Profile "stig-rhel6-server-upstream" was not found. Re-running again with server and stig-server profiles instead gave: OpenSCAP Error: Selector ID(ensure_logrotate_activated) does not exist in Benchmark. [xccdf_policy.c:1904] after running a few valid checks. Am I missing a step somewhere? Thanks, George Jackson _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
