Re: [Open-scap] When to expect OVAL probes for OpenShift?

2019-02-04 Thread Steve Grubb
On Mon, 4 Feb 2019 12:11:32 -0500 Shawn Wells wrote: > On 2/4/19 6:08 PM, Steve Grubb wrote: > > On Mon, 4 Feb 2019 11:06:00 -0500 > > Shawn Wells wrote: > > > >> When can OpenSCAP probes be expected for OpenShift? > > > Are you talking about new OVAL tests? > > Probes so that OVAL tests

Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS

2019-02-04 Thread Boucher, William
Thanks Gary! Got your other note. Will look into your comments there and will pursue going after RedHawk 6.5 (my other task) using RedHat 5.5 OpenScap and DISA xccdf, oval, etc. for that (as suggested by RedHawk folks), if I get stuck on Ubuntu, to validate the current oscap process and work

Re: [Open-scap] Ubuntu Security Guide content

2019-02-04 Thread Boucher, William
Hi Todd and Jan, Please excuse me, I do not intend to hijack Jan's thread but I believe the following may be related enough to be helpful. These OpenSCAP CPE files exist on my system at /usr/local/share/openscap/cpe/, after compiling openscap from source on my machine. But neither they nor the

Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS

2019-02-04 Thread Boucher, William
Gary, Is anybody looking at this on the development side (determining why so many rules end up nonapplicable and if the passes and fails are the result of an accurate evaluation)? Thanks, --Bill William B. Boucher, BSEE Embedded Systems Software Engineer Information Systems

Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS

2019-02-04 Thread Boucher, William
Gary, Similar results with Ubuntu 16.04. Not all results were notapplicable, score was given as 25%. After building openscap and ComplianceAsCode/content I ran: sudo oscap xccdf eval --profile standard --results ./xccdf-results.xml --cpe

Re: [Open-scap] When to expect OVAL probes for OpenShift?

2019-02-04 Thread William Munyan
Hey Shawn, I’ll add to Steve’s point that if there is not current OVAL support for the constructs you need, then the new OVAL tests/objects/states/items would need to be created in either a new OVAL schema or (more likely) as additions to the existing Linux schema. Once created a proposal can

Re: [Open-scap] Ubuntu Security Guide content

2019-02-04 Thread Todd Williams
Hi Bill, I installed by using apt-get and I did not compile the code. And it did not put the /usr/share/openscap/cpe/openscap-cpe-dict.xml and openscap-cpe-oval.xml files at all. That's why I was looking for them with Ubuntu 18 in it. I just looked at the dict and oval files in the link Jan

Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS

2019-02-04 Thread Gary Gapinski
I can look but if your oxygen will run out before 48 hours you may wish to order out for extra. On 2/4/19 11:05 AM, Boucher, William wrote: Gary, Is anybody looking at

Re: [Open-scap] When to expect OVAL probes for OpenShift?

2019-02-04 Thread Steve Grubb
On Mon, 4 Feb 2019 11:06:00 -0500 Shawn Wells wrote: > When can OpenSCAP probes be expected for OpenShift? Are you talking about new OVAL tests? -Steve > Need ability to parse configuration data that would be returned by > "oc get" style commands. > > Thanks! > >

Re: [Open-scap] When to expect OVAL probes for OpenShift?

2019-02-04 Thread Shawn Wells
On 2/4/19 6:08 PM, Steve Grubb wrote: On Mon, 4 Feb 2019 11:06:00 -0500 Shawn Wells wrote: When can OpenSCAP probes be expected for OpenShift? Are you talking about new OVAL tests? Probes so that OVAL tests could be created. Akin to the systemd probes.

Re: [Open-scap] Ubuntu Security Guide content

2019-02-04 Thread Jan Cerny
Hi, You're correct it's missing CPE dictionary and CPE OVAL. The files are located here: https://github.com/OpenSCAP/openscap/blob/maint-1.2/cpe/openscap-cpe-dict.xml https://github.com/OpenSCAP/openscap/blob/maint-1.2/cpe/openscap-cpe-oval.xml They're a list of platform definitions based on which