Re: SCAP Security Guide - make validate fails after make templates run

Wed, 03 Sep 2014 13:06:38 -0700 

Hello,

       Just checking on the latest master, this is appearing to fail
because the 'make templates' generates a file permission OVAL check for
grub that is not in the XCCDF. The offending xml file is
file_permissions_boot_grub_grub_conf.xml which if you `rm
file_permissions_boot_grub_grub_conf.xml`. A bug issue can be filed here if
so desired: https://github.com/OpenSCAP/scap-security-guide/issues

Just reading through the README doc under the templates directory,
generally, you do not want to blindly run `make copy` as some of the checks
most likely have been intentionally edited to add additional checks.
Usually building from source, `make && make validate` (under the
scap-security-guide or RHEL/6 directories) work best if you are just
building from the latest source to run a scan. It just depends on what you
are attempting to do. Are you generating OVAL content, or .....?

Gabe


On Wed, Sep 3, 2014 at 3:16 AM, Paul Urwin <m...@paulurwin.com> wrote:

> Hello Everyone,
>
> I'm hoping you can help put me out of my misery!
>
> I've taken the latest version of scap-security-guide
>
> # git clone https://git.fedorahosted.org/git/scap-security-guide.git
>
> And I've been trying to run "make content; make validate" on the RHEL/6
> directory...
>
> ... if I do a fresh git clone and run it, it is successful and the
> validate completes ok.
>
> ...if i first go into the RHEL/6/input/checks/templates directory and run
> "make templates; make copy" ....and then run the "make content; make
> validate" it fails:
>
> paul@myhost:/tmp/ssg3/scap-security-guide/RHEL/6> make validate
> oscap xccdf validate-xml output/ssg-rhel6-xccdf.xml
> oscap oval validate-xml output/ssg-rhel6-oval.xml
> oscap oval validate-xml output/ssg-rhel6-cpe-oval.xml
> cd output; ../utils/verify-references.py --rules-with-invalid-checks
> --ovaldefs-unused ssg-rhel6-xccdf.xml
> /tmp/ssg3/scap-security-guide/RHEL/6/output
> OVAL Check is not referenced by XCCDF: oval:ssg:def:556
> make: *** [validate] Error 1
>
> ...this is a bug of some kind right?
>
> Thanks!
>
> Paul
>
> --
> SCAP Security Guide mailing list
> scap-security-guide@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
> https://github.com/OpenSCAP/scap-security-guide/
>

-- 
SCAP Security Guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/

Reply via email to