We would love to accept patches for these issues.
Especially for the segfault. However, we are interested also in amending
the test suite so it can pass on any Linux system.
Best,
~š.
On 03/16/2016 11:35 AM, S, Gautam wrote:
Hi folks,
I am building and trying to test openscap on SLES SP3. Upon running
“make check”, there are a few places where the test cases fail.
1)Process58 probe failures
Making check in process58
make[3]: Entering directory
`/root/SSG-Build/openscap/tests/probes/process58'
make check-TESTS
make[4]: Entering directory
`/root/SSG-Build/openscap/tests/probes/process58'
----------------------------------------------------------------------
+ Ensure that selinux_domain_label is collected [ WARN ]
+ Ensure that tty number is translated into name [ FAIL ]
+ Ensure loguid return unsigned int (cat /proc/ID/loginuid) [ FAIL ]
+ Ensure sessionid is correct [ FAIL ]
+ Ensure capabilities with OVAL 5.11 [ FAIL ]
+ Ensure that command_line is collected [ FAIL ]
--------------------------------------------------
See tests/probes/process58/tests_probes_process88.log.
FAIL: all.sh
==========================================
1 of 1 tests failed
Please report to open-scap-list@redhat.com
==========================================
make[4]: *** [check-TESTS] Error 1
make[4]: Leaving directory `/root/SSG-Build/openscap/tests/probes/process58'
make[3]: *** [check-am] Error 2
make[3]: Leaving directory `/root/SSG-Build/openscap/tests/probes/process58'
make[2]: *** [check-recursive] Error 1
make[2]: Leaving directory `/root/SSG-Build/openscap/tests/probes'
make[1]: *** [check-recursive] Error 1
make[1]: Leaving directory `/root/SSG-Build/openscap/tests'
make: *** [check-recursive] Error 1
The log file contains a segmentation fault and what appears to be a sed
command syntax error (???).
2)Run-level probe failures
Making check in runlevel
make[3]: Entering directory `/root/SSG-Build/openscap/tests/probes/runlevel'
make check-TESTS
make[4]: Entering directory `/root/SSG-Build/openscap/tests/probes/runlevel'
----------------------------------------------------------------------
+ test_probes_runlevel_A [ WARN ]
+ test_probes_runlevel_B [ FAIL ]
+ test_probes_runlevel_C [ FAIL ]
--------------------------------------------------
See tests/probes/runlevel/test_probes_runlevel.log.
FAIL: test_probes_runlevel.sh
==========================================
1 of 1 tests failed
Please report to open-scap-list@redhat.com
==========================================
None of the OVAL definitions are evaluated to True/False as I am seeing
in RHEL. Evaluation throws error.
I am seeing that definitions using run-levels seem to not get evaluated
correctly outside the context of the test as well. I have used the SSG
OVAL file for RHEL here to illustrate this. Irrespective of sshd state,
the definition returns true:
# oscap oval eval --id oval:ssg-service_sshd_disabled:def:1 sles11-oval.xml
Definition oval:ssg-service_sshd_disabled:def:1: true
Evaluation done.
# chkconfig --list sshd
sshd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
#
# chkconfig sshd on
# chkconfig --list sshd
sshd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
# oscap oval eval --id oval:ssg-service_sshd_disabled:def:1 sles11-oval.xml
Definition oval:ssg-service_sshd_disabled:def:1: true
Evaluation done.
Attaching both the log file to this mail.
Thank you.
Regards,
Gautam
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
--
~š.
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
