Re: [Open-scap] ntp and auditd setting issue in debian 8
Systemd probes failed to initialize, which caused the unknown rule result:

D: oscap: skipped: systemdunitproperty (stat failed, errno=2) [oscap(22177):unknown(7fe12f9b6740):oval_probe_ext.c:1006:oval_probe_ext_init]
D: oscap: skipped: systemdunitdependency (stat failed, errno=2) [oscap(22177):unknown(7fe12f9b6740):oval_probe_ext.c:1006:oval_probe_ext_init]

What version of openscap do you use?

Matus

On Wed, Sep 5, 2018 at 11:42 AM, Dhanushka Parakrama <parakrama1...@gmail.com> wrote:

> Hi Matus
>
> Please find the attached reports
>
> On Tue, 4 Sep 2018 at 18:43, Matus Marhefka wrote:
>
>> Hi Dhanushka,
>>
>> have you run both 'systemctl start SERVICE' and 'systemctl enable SERVICE' (replace SERVICE with auditd and ntp)? If yes, it might be an issue either in OVAL checks or in the systemdunitdependency_probe. Please run the following scans and send us the outputs for further analysis:
>>
>> *oscap xccdf eval --verbose DEVEL --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --rule xccdf_org.ssgproject.content_rule_service_ntp_enabled ssg-debian8-ds.xml*
>> and
>> *oscap xccdf eval --verbose DEVEL --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --rule xccdf_org.ssgproject.content_rule_service_auditd_enabled ssg-debian8-ds.xml*
>>
>> Best Regards,
>> Matus Marhefka
>>
>> On Mon, Sep 3, 2018 at 11:59 AM, Dhanushka Parakrama <parakrama1...@gmail.com> wrote:
>>
>>> Guys
>>>
>>> Any news regarding the error
>>>
>>> On Wed, 29 Aug 2018 at 21:33, Dhanushka Parakrama <parakrama1...@gmail.com> wrote:
>>>
>>>> Hi Team
>>>>
>>>> We have run the scan for Debian 8 using the below command
>>>>
>>>> *oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html ssg-debian8-ds.xml*
>>>>
>>>> Got alerts as below,
>>>> ===
>>>>
>>>> [image: image.png]
>>>>
>>>> To fix it we ran the below commands as suggested by the report
>>>>
>>>> *service ntp status*
>>>> ● ntp.service - LSB: Start NTP daemon
>>>>    Loaded: loaded (/etc/init.d/ntp)
>>>>    Active: active (running) since Mon 2018-08-27 18:24:21 IST; 2 days ago
>>>>    CGroup: /system.slice/ntp.service
>>>>            └─473 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 112:120
>>>>
>>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
>>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen and drop on 1 v6wildcard :: UDP 123
>>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 2 lo 127.0.0.1 UDP 123
>>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 3 eth0 192.168.8.150 UDP 123
>>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 4 lo ::1 UDP 123
>>>> Aug 27 18:24:21 oscapserver ntpd[473]: peers refreshed
>>>> Aug 27 18:24:21 oscapserver ntpd[473]: Listening on routing socket on fd #21 for interface updates
>>>> Aug 27 18:24:21 oscapserver systemd[1]: Started LSB: Start NTP daemon.
>>>> Aug 27 18:24:24 oscapserver ntpd[473]: Listen normally on 5 eth0 fe80::250:56ff:fe94:6150 UDP 123
>>>> Aug 27 18:24:24 oscapserver ntpd[473]: peers refreshed
>>>>
>>>> *service auditd status*
>>>> ● auditd.service - Security Auditing Service
>>>>    Loaded: loaded (/lib/systemd/system/auditd.service; enabled)
>>>>    Active: active (running) since Tue 2018-08-28 14:41:28 IST; 1 day 6h ago
>>>>  Main PID: 12464 (auditd)
>>>>    CGroup: /system.slice/auditd.service
>>>>            └─12464 /sbin/auditd -n
>>>>
>>>> But even after we ran the scan after fixing it, the report still shows as
>>>>
>>>> [image: image.png]
>>>>
>>>> Is there any reason for that?
>>>>
>>>> Thank You
>>>> Dhanushka
>>>
>>> ___
>>> Open-scap-list mailing list
>>> Open-scap-list@redhat.com
>>> https://www.redhat.com/mailman/listinfo/open-scap-list

___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
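
An added example, not part of the thread and not OpenSCAP project code: a shell filter that pulls skipped-probe lines, in the format quoted in the message above, out of saved `--verbose DEVEL` output. The function names and the third sample line are constructed for illustration; errno 2 is ENOENT on Linux.

```shell
#!/bin/sh
# Added example: find probes that oscap skipped at start-up in saved
# "--verbose DEVEL" output. Function names are hypothetical.

# Constructed sample: the two debug lines quoted in the thread plus one
# constructed line that must be ignored.
sample_log() {
cat <<'EOF'
D: oscap: skipped: systemdunitproperty (stat failed, errno=2) [oscap(22177):unknown(7fe12f9b6740):oval_probe_ext.c:1006:oval_probe_ext_init]
D: oscap: skipped: systemdunitdependency (stat failed, errno=2) [oscap(22177):unknown(7fe12f9b6740):oval_probe_ext.c:1006:oval_probe_ext_init]
I: oscap: constructed line, not a skipped-probe message
EOF
}

# Read the log on stdin; print "<probe> <errno>" per skipped probe.
skipped_probes() {
    sed -n 's/^D: oscap: skipped: \([A-Za-z0-9_]*\) (stat failed, errno=\([0-9]*\)).*/\1 \2/p'
}

# Exit 0 if probe $1 appears among the skipped probes (log on stdin).
probe_was_skipped() {
    skipped_probes | awk -v p="$1" '$1 == p { found = 1 } END { exit !found }'
}

# One readable line per skipped probe, naming the common errno values.
summarise_skips() {
    skipped_probes | while read -r probe err; do
        case "$err" in
            2)  why="ENOENT (no such file or directory)" ;;
            13) why="EACCES (permission denied)" ;;
            *)  why="errno $err" ;;
        esac
        printf '%s: %s\n' "$probe" "$why"
    done
}

# Run on the sample; rules that rely on a listed probe cannot be evaluated.
sample_log | summarise_skips
```

Feed it the saved output of either `--verbose DEVEL` run from the thread in place of `sample_log`; a systemd probe in the list matches the cause given above for the `unknown` result.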
Re: [Open-scap] ntp and auditd setting issue in debian 8
Hi Dhanushka,

have you run both 'systemctl start SERVICE' and 'systemctl enable SERVICE' (replace SERVICE with auditd and ntp)? If yes, it might be an issue either in OVAL checks or in the systemdunitdependency_probe. Please run the following scans and send us the outputs for further analysis:

*oscap xccdf eval --verbose DEVEL --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --rule xccdf_org.ssgproject.content_rule_service_ntp_enabled ssg-debian8-ds.xml*
and
*oscap xccdf eval --verbose DEVEL --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --rule xccdf_org.ssgproject.content_rule_service_auditd_enabled ssg-debian8-ds.xml*

Best Regards,
Matus Marhefka
Re: [Open-scap] ntp and auditd setting issue in debian 8
Guys

Any news regarding the error
[Open-scap] ntp and auditd setting issue in debian 8
Hi Team

We have run the scan for Debian 8 using the below command

*oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report report.html ssg-debian8-ds.xml*

Got alerts as below,
===

[image: image.png]

To fix it we ran the below commands as suggested by the report

*service ntp status*
● ntp.service - LSB: Start NTP daemon
   Loaded: loaded (/etc/init.d/ntp)
   Active: active (running) since Mon 2018-08-27 18:24:21 IST; 2 days ago
   CGroup: /system.slice/ntp.service
           └─473 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 112:120

Aug 27 18:24:21 oscapserver ntpd[473]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Aug 27 18:24:21 oscapserver ntpd[473]: Listen and drop on 1 v6wildcard :: UDP 123
Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 2 lo 127.0.0.1 UDP 123
Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 3 eth0 192.168.8.150 UDP 123
Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 4 lo ::1 UDP 123
Aug 27 18:24:21 oscapserver ntpd[473]: peers refreshed
Aug 27 18:24:21 oscapserver ntpd[473]: Listening on routing socket on fd #21 for interface updates
Aug 27 18:24:21 oscapserver systemd[1]: Started LSB: Start NTP daemon.
Aug 27 18:24:24 oscapserver ntpd[473]: Listen normally on 5 eth0 fe80::250:56ff:fe94:6150 UDP 123
Aug 27 18:24:24 oscapserver ntpd[473]: peers refreshed

*service auditd status*
● auditd.service - Security Auditing Service
   Loaded: loaded (/lib/systemd/system/auditd.service; enabled)
   Active: active (running) since Tue 2018-08-28 14:41:28 IST; 1 day 6h ago
 Main PID: 12464 (auditd)
   CGroup: /system.slice/auditd.service
           └─12464 /sbin/auditd -n

But even after we ran the scan after fixing it, the report still shows as

[image: image.png]

Is there any reason for that?

Thank You
Dhanushka