Re: [Open-scap] filter not working for file_object

Hi Pravin, When you eliminate the filter and receive a listing of files shown below: I can confirm that there are suid files in /bin. /bin/eject /bin/su /bin/umount /bin/mount /bin/ping /bin/ping6 You confirm that those are all suid files. Your filter is testing for files which are BOTH suid an

Re: [Open-scap] Implementation for an AppArmor probe.

Bruno, Support for the apparmor test construct was put into the mainstream Linux schema as of the OVAL 5.11.2 release. The 5.11.2 schemas can be found here - https://github.com/OVALProject/Language/tree/master/schemas As for sample content that wouldn’t necessarily be under the scrutiny of a CI

Re: [Open-scap] When to expect OVAL probes for OpenShift?

Hey Shawn, I’ll add to Steve’s point that if there is not current OVAL support for the constructs you need, then the new OVAL tests/objects/states/items would need to be created in either a new OVAL schema or (more likely) as additions to the existing Linux schema. Once created a proposal can b

Re: [Open-scap] Trouble Scanning OVAL from CIS Repository

Those extensions are only in the CIS benchmark content and not part of the OVAL repository. I plan on taking a look at the specific content mentioned in the thread to see what I can see. Cheers Bill M (CIS) Get Outlook for iOS On Thu, Aug 15, 2019 at 7:49 AM -0400, "T

Re: [Open-scap] Trouble Scanning OVAL from CIS Repository

Tim, I guess the first thing I would ask is why you’re downloading the full OVAL XML file. That file, as you can see is huge, and contains ALL the definitions in the entire repository. I can make an educated guess that your Fedora-based system doesn’t need to assess against every Windows defin