Re: [Open-scap] stig-viewer

2019-10-29 Thread Bruno Czenczelewski 
Alex,

Thanks for the suggestions. Unfortunately, even after replacing the references, 
the stig-viewer output was missing the results.

I was, however, able to use 
"U_Red_Hat_Enterprise_Linux_7_V2R4_STIG_SCAP_1-2_Benchmark.xml" in oscap after 
changing the "schematron-version" value to 1.2.  I also learned that the new 
(2.9.1) version of the stig viewer tool works without requiring the use of the 
"--stig-viewer" option in oscap.

Thanks again for your assistance and patience!
Bruno



Bruno Czenczelewski

br...@fibermountain.com
352 Knotter Drive
Cheshire, CT06410
www.fibermountain.com
P. (203) 806-4040
C. (203) 806-4040
F. (845) 358-7882

Disclaimer: The information contained in this communication is confidential, 
may be privileged and is intended for the exclusive use of the above named 
addressee(s). If you are not the intended recipient(s), you are expressly 
prohibited from copying, distributing, disseminating, or in any other way using 
any information contained within this communication. If you have received this 
communication in error, please contact the sender by telephone or by response 
via mail. We have taken precautions to minimize the risk of transmitting 
software viruses, but we advise you to carry out your own virus checks on this 
message, as well as any attachments. We cannot accept liability for any loss or 
damage caused by software viruses.

-Original Message-
From: Alexander Bergmann
Sent: Tuesday, October 29, 2019 7:48 AM
To: Bruno Czenczelewski 
Cc: open-scap-list@redhat.com
Subject: Re: [Open-scap] stig-viewer

External Email

___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Re: [Open-scap] stig-viewer

2019-10-29 Thread Alexander Bergmann 
spp
> Referenced check files:
> ssg-rhel7-oval.xml
> system: 
> http://oval.mitre.org/XMLSchema/oval-definitions-5
> ssg-rhel7-ocil.xml
> system: http://scap.nist.gov/schema/ocil/2
> 
> https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml
> system: 
> http://oval.mitre.org/XMLSchema/oval-definitions-5
> Ref-Id: scap_org.open-scap_cref_ssg-rhel7-pcidss-xccdf-1.2.xml
> Status: draft
> Generated: 2019-09-02
> Resolved: true
> Profiles:
> Title: PCI-DSS v3.2.1 Control Baseline for Red Hat 
> Enterprise Linux 7
> Id: 
> xccdf_org.ssgproject.content_profile_pci-dss_centric
> Referenced check files:
> ssg-rhel7-oval.xml
> system: 
> http://oval.mitre.org/XMLSchema/oval-definitions-5
> ssg-rhel7-ocil.xml
> system: http://scap.nist.gov/schema/ocil/2
> 
> https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml
> system: 
> http://oval.mitre.org/XMLSchema/oval-definitions-5
> Checks:
> Ref-Id: scap_org.open-scap_cref_ssg-rhel7-oval.xml
> Ref-Id: scap_org.open-scap_cref_ssg-rhel7-ocil.xml
> Ref-Id: scap_org.open-scap_cref_ssg-rhel7-cpe-oval.xml
> Ref-Id: scap_org.open-scap_cref_ssg-rhel7-oval.xml000
> Ref-Id: scap_org.open-scap_cref_ssg-rhel7-ocil.xml000
> Dictionaries:
> Ref-Id: scap_org.open-scap_cref_ssg-rhel7-cpe-dictionary.xml
> 
> 
> 
> 
> 
> Bruno Czenczelewski
> 
> br...@fibermountain.com
> 352 Knotter Drive
> Cheshire, CT06410
> www.fibermountain.com
> P. (203) 806-4040
> C. (203) 806-4040
> F. (845) 358-7882
> 
> Disclaimer: The information contained in this communication is confidential, 
> may be privileged and is intended for the exclusive use of the above named 
> addressee(s). If you are not the intended recipient(s), you are expressly 
> prohibited from copying, distributing, disseminating, or in any other way 
> using any information contained within this communication. If you have 
> received this communication in error, please contact the sender by telephone 
> or by response via mail. We have taken precautions to minimize the risk of 
> transmitting software viruses, but we advise you to carry out your own virus 
> checks on this message, as well as any attachments. We cannot accept 
> liability for any loss or damage caused by software viruses.
> 
> -Original Message-
> From: Alexander Bergmann
> Sent: Friday, October 25, 2019 9:36 AM
> To: Bruno Czenczelewski 
> Cc: open-scap-list@redhat.com
> Subject: Re: [Open-scap] stig-viewer
> 
> External Email

-- 
Alexander Bergmann 
Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5  F614 DE54 E875 9FFA 4886
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nuremberg, Germany
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer


signature.asc
Description: PGP signature
___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Re: [Open-scap] stig-viewer

2019-10-25 Thread Bruno Czenczelewski 
7-oval.xml
Ref-Id: scap_org.open-scap_cref_ssg-rhel7-ocil.xml
Ref-Id: scap_org.open-scap_cref_ssg-rhel7-cpe-oval.xml
Ref-Id: scap_org.open-scap_cref_ssg-rhel7-oval.xml000
Ref-Id: scap_org.open-scap_cref_ssg-rhel7-ocil.xml000
Dictionaries:
Ref-Id: scap_org.open-scap_cref_ssg-rhel7-cpe-dictionary.xml





Bruno Czenczelewski

br...@fibermountain.com
352 Knotter Drive
Cheshire, CT06410
www.fibermountain.com
P. (203) 806-4040
C. (203) 806-4040
F. (845) 358-7882

Disclaimer: The information contained in this communication is confidential, 
may be privileged and is intended for the exclusive use of the above named 
addressee(s). If you are not the intended recipient(s), you are expressly 
prohibited from copying, distributing, disseminating, or in any other way using 
any information contained within this communication. If you have received this 
communication in error, please contact the sender by telephone or by response 
via mail. We have taken precautions to minimize the risk of transmitting 
software viruses, but we advise you to carry out your own virus checks on this 
message, as well as any attachments. We cannot accept liability for any loss or 
damage caused by software viruses.

-Original Message-
From: Alexander Bergmann
Sent: Friday, October 25, 2019 9:36 AM
To: Bruno Czenczelewski 
Cc: open-scap-list@redhat.com
Subject: Re: [Open-scap] stig-viewer

External Email

___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list

Re: [Open-scap] stig-viewer

2019-10-25 Thread Alexander Bergmann 
Hi Bruno,

you are on the latest versions, so that makes me scratch my head. There
was a problem with the new DISA STIG Viewer references inside the
security-guide. It was already fixed inside openscap.

Details can be found here:

https://lists.fedorahosted.org/archives/list/scap-security-gu...@lists.fedorahosted.org/thread/SEUROBIB35TEENZCUK7XTPYPFSK32VKZ/

Can you check which reference is used inside your XCCDF profile?


Regards,
Alex~

On Fri, Oct 25, 2019 at 01:18:23PM +, Bruno Czenczelewski wrote:
> The output of the --stig-viewer option does not contain test results when 
> used with latest (0.1.46) version of the security-guide. I'm using the latest 
> (1.3.2, from the maint-1.3 branch) version of the openscap tools downloaded 
> from the github-openscap repo.
> 
> oscap -V
> OpenSCAP command line tool (oscap) 1.3.2
> Copyright 2009--2018 Red Hat Inc., Durham, North Carolina.
> 
>  Supported specifications 
> XCCDF Version: 1.2
> OVAL Version: 5.11.1
> CPE Version: 2.3
> CVSS Version: 2.0
> CVE Version: 2.0
> Asset Identification Version: 1.1
> Asset Reporting Format Version: 1.1
> CVRF Version: 1.1
> 
> 
> The resulting output file is missing the "rule-result" section when compared 
> to using the 0.1.44 version of the security-guide:
> 
>severity="medium" weight="1.00">
> pass
> https://nvd.nist.gov/cce/index.cfm";>CCE-80436-9
> http://oval.mitre.org/XMLSchema/oval-definitions-5";>
>name="oval:ssg-mount_option_noexec_remote_filesystems:def:1" 
> href="ssg-rhel7-oval.xml"/>
> 
>   
> 
> 
> Thanks for any guidance.
> 
> Bruno Czenczelewski
> 
> 
> 
> [cid:FMIDec2016.png]
> 
> 
> Bruno Czenczelewski
> 
> 
> br...@fibermountain.com
> 
> 
> 352 Knotter Drive
> Cheshire, CT06410
> www.fibermountain.com
> 
> 
> [cid:redline.jpg]
> 
> 
> P. (203) 806-4040
> C. (203) 806-4040
> F. (845) 358-7882
> 
> 
> 
> 
> 
> Disclaimer: The information contained in this communication is confidential, 
> may be privileged and is intended for the exclusive use of the above named 
> addressee(s). If you are not the intended recipient(s), you are expressly 
> prohibited from copying, distributing, disseminating, or in any other way 
> using any information contained within this communication. If you have 
> received this communication in error, please contact the sender by telephone 
> or by response via mail. We have taken precautions to minimize the risk of 
> transmitting software viruses, but we advise you to carry out your own virus 
> checks on this message, as well as any attachments. We cannot accept 
> liability for any loss or damage caused by software viruses.
> 




> ___
> Open-scap-list mailing list
> Open-scap-list@redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list


-- 
Alexander Bergmann 
Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5  F614 DE54 E875 9FFA 4886
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nuremberg, Germany
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer


signature.asc
Description: PGP signature
___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list