Re: [Open-scap] fetch remote resources on RHEL7 fails

2017-04-10 Thread Przemek Klosowski

On 04/10/2017 01:10 PM, Watson Yuuma Sato wrote:


Downloading:
http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml
... ok
OpenSCAP Error: Unable to parse XML from user memory buffer
[oscap_source.c:254]




On SSG version 0.1.31 we switched to URL
http://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2,
this one is working fine.

The XML files (after decompression) are exactly identical, so it must be 
a bug in the openscap-scanner, right?


___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
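
A triage sketch for the question raised in this thread (remote file or oscap bug?), added here as an example and not taken from OpenSCAP or from any poster's message: it classifies a downloaded buffer and compares two downloads after decompression. The function names and the sample document are constructed for illustration.

```python
import bz2
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample, not real Red Hat OVAL content.
SAMPLE_OVAL = (
    b'<?xml version="1.0" encoding="UTF-8"?>\n'
    b'<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">'
    b"<definitions/></oval_definitions>"
)


def unwrap(data: bytes) -> tuple[str, bytes]:
    """Return (wrapper, payload); bzip2 streams start with the magic 'BZh'."""
    if data[:3] == b"BZh":
        return "bzip2", bz2.decompress(data)
    return "plain", data


def classify_buffer(data: bytes) -> str:
    """Say what a downloaded buffer contains before a scanner parses it."""
    try:
        wrapper, payload = unwrap(data)
    except (OSError, ValueError):  # invalid or truncated bzip2 stream
        return "bzip2: corrupt stream"
    try:
        root = ET.fromstring(payload)
    except ET.ParseError as exc:
        return f"{wrapper}: not well-formed XML ({exc})"
    local_name = root.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix
    if local_name != "oval_definitions":
        return f"{wrapper}: XML, but root element is <{local_name}>"
    return f"{wrapper}: OVAL definitions"


def same_payload(a: bytes, b: bytes) -> bool:
    """True when two downloads are byte-identical after decompression."""
    digests = [hashlib.sha256(unwrap(x)[1]).hexdigest() for x in (a, b)]
    return digests[0] == digests[1]


if __name__ == "__main__":
    for label, buf in [("plain", SAMPLE_OVAL), ("bz2", bz2.compress(SAMPLE_OVAL)),
                       ("truncated", SAMPLE_OVAL[:-10])]:
        print(label, "->", classify_buffer(buf))
```

If both downloads classify as OVAL definitions and `same_payload` returns True, the content itself is ruled out as the cause of the parse error.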

[Open-scap] fetch remote resources on RHEL7 fails

2017-04-06 Thread Przemek Klosowski
On a fresh-out-of-the-box+updated RHEL7 (with 
openscap-scanner-1.2.10-3.el7_3.x86_64)


   oscap xccdf eval --profile
   xccdf_org.ssgproject.content_profile_common --report
   /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
   This content points out to the remote resources. Use
   `--fetch-remote-resources' option to download them.
   WARNING: Skipping
   http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml
   file which is referenced from XCCDF content

The scan goes off/generates reports, but in order to heed the 
WARNING, I try to get the latest remote OVAL file


   oscap xccdf eval --fetch-remote-resources --profile
   xccdf_org.ssgproject.content_profile_common --report
   /tmp/report-remote.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
   Downloading:
   http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml
   ... ok
   OpenSCAP Error: Unable to parse XML from user memory buffer
   [oscap_source.c:254]
   Failed to create OVAL definition model from:
   'http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_7.xml'.
   [xccdf_session.c:787]

and the scan terminates. Is that a problem with the remote file 
(Red_Hat_Enterprise_Linux_7.xml) or an 'oscap' bug?



Re: [Open-scap] SCAP workbench on Windows 7

2018-01-17 Thread Przemek Klosowski

On 01/17/2018 03:20 PM, Sachin Vyas wrote:
Since facing issue with SCAP workbench on Windows 7, installed SCAP 
workbench on remote Linux machine and started vnc and then 
/usr/bin/scap-workbench on it. It shows the GUI and all the options. I 
select remote scan and provide username and hostname and click scan 
but get this error


(gnome-ssh-askpass:20956): Gtk-WARNING **: cannot open display: :0
Permission denied, please try again.
(gnome-ssh-askpass:20957): Gtk-WARNING **: cannot open display: :0
Permission denied, please try again.
(gnome-ssh-askpass:20958): Gtk-WARNING **: cannot open display: :0
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).


So you're saying that you VNC to the Linux box, log in as some Linux 
user, run scap-workbench (still on that remote Linux box). Then you run 
a remote scan against a third box? Try running the whole thing from the 
physical console of your new Linux box---I wonder if there's some 
confusion with passing along X from the third box to the second one and 
back to your desktop.



Re: [Open-scap] OSCAP for Windows

2018-12-21 Thread Przemek Klosowski

On 12/21/18 12:21 PM, Mohanraj, Bharath wrote:


Thank you. I did try your suggestion, but no luck.

And yes, though XP is out of support, some of the machines at my 
customer’s infrastructure still run on it. So, I have to somehow get 
oscap working here.


It seems to me that recompiling from source on XP is the only way, then. 
I haven't done it myself but it should work: you need to get and install 
Visual Studio or GCC (cygwin or MinGW) and run the build.

Re: [Open-scap] removing telnet client breaks fence agents

2019-11-01 Thread Przemek Klosowski

On 11/1/19 1:29 PM, Gabe Alford wrote:


On Fri, Nov 1, 2019 at 10:46 AM Trevor Vaughan wrote:


I don't see a reason to remove the rule in general but:

1) Having the telnet *client* present isn't really a big deal if
you have pretty much any scripting language, or modern SSH that
allows the NULL cipher


IIRC as of one of the OpenSSH 7.6 releases, a cipher of `none` is no 
longer allowed.


OK, netcat ('nc') then, or a two-line TCL/Perl/Python script that opens 
a socket. Or just open it in the shell via the /dev/ filesystem network 
socket nodes:


exec 3<>/dev/tcp/mytelnetbox.example.com/23
