<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 1/30/13 11:38 AM, Snyder, Chris
wrote:<br>
</div>
<blockquote
cite="mid:BFD6B7398AEB474A9A28B39B9B5D00CB0C1D8363@SRAexMBX05.sra.com"
type="cite">
<p class="MsoNormal">I’m trying to understand my findings from
applying the latest RHEL5 STIG Benchmark against one of my RHEL5
hosts. The results appear to indicate some false positives and
I don’t know how to determine if that is indeed the case or not.
Ultimately, I would love to gain more insight into how to
determine what tests are being performed by openscap for a given
STIG/XCCDF/OVAL item or at least how to find out the results of
the tests being run, i.e. I want to understand WHY openscap is
reporting these items as failed.</p>
</blockquote>
<br>
To make things a bit more consumable you can utilize OpenSCAP's
"generate guide," turning the STIG into something that is actually
readable:<br>
<br>
$ oscap xccdf generate guide \<br>
/tmp/U_RedHat_5-V1R1_STIG_Benchmark-xccdf.xml \<br>
&gt; /tmp/U_RedHat_5-V1R1_STIG_Benchmark.html<br>
<br>
Pull up /tmp/U_RedHat_5-V1R1_STIG_Benchmark.html in your favorite
browser and look around.<br>
<br>
<br>
When you run a scan you can have OpenSCAP generate an HTML report
which gives more details around failures:<br>
<br>
$ sudo sh -c "oscap xccdf eval --profile MAC-1_Public \<br>
--results stig-xccdf-results.xml \<br>
--report /tmp/`hostname`-stigscanresults.html \<br>
--oval-results \<br>
--cpe-dict /tmp/U_RedHat_5-V1R1_STIG_Benchmark-cpe-dictionary.xml \<br>
/tmp/U_RedHat_5-V1R1_STIG_Benchmark-xccdf.xml"<br>
<br>
View /tmp/`hostname`-stigscanresults.html in your browser and click
on some of the failed items. Many give you details under the
"Remediation Script" section.<br>
<br>
Here is my report against a generic RHEL 5.8 install, for example:<br>
<a class="moz-txt-link-freetext" href="https://blog-shawndwells.rhcloud.com/wp-content/uploads/2012/10/stigscanresults-beforeaqueduct.html">https://blog-shawndwells.rhcloud.com/wp-content/uploads/2012/10/stigscanresults-beforeaqueduct.html</a><br>
<br>
Here is the process that I use for STIGing a RHEL5 box, using
OpenSCAP+Aqueduct:<br>
<a class="moz-txt-link-freetext" href="https://blog-shawndwells.rhcloud.com/2012/10/how-to-stig-a-red-hat-enterprise-linux-rhel5-machine/">https://blog-shawndwells.rhcloud.com/2012/10/how-to-stig-a-red-hat-enterprise-linux-rhel5-machine/</a><br>
<br>
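Added example (not part of the original message, and not OpenSCAP's own code): one way to see why a rule failed is to read the XCCDF results file (stig-xccdf-results.xml above) together with the OVAL results that --oval-results saves, mapping each failed rule to its OVAL definition and the tests under it that did not evaluate to true. The function names, the sample ids and the reduced sample documents are constructed for illustration.<br>
<pre>
```python
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the namespace so XCCDF 1.1 and 1.2 result files both match."""
    return tag.rsplit("}", 1)[-1]

def failed_rules(xccdf_xml):
    """Map each failed rule idref to the OVAL definition ids its check names."""
    failed = {}
    for rr in ET.fromstring(xccdf_xml).iter():
        if local(rr.tag) != "rule-result":
            continue
        result = next(((c.text or "").strip() for c in rr
                       if local(c.tag) == "result"), "")
        if result == "fail":
            failed[rr.get("idref")] = [
                e.get("name") for e in rr.iter()
                if local(e.tag) == "check-content-ref" and e.get("name")]
    return failed

def failing_tests(oval_xml, definition_id):
    """List test_ref ids under one evaluated definition that were not true."""
    for d in ET.fromstring(oval_xml).iter():
        if local(d.tag) == "definition" and d.get("definition_id") == definition_id:
            return [c.get("test_ref") for c in d.iter()
                    if local(c.tag) == "criterion" and c.get("result") != "true"]
    return []

def explain(xccdf_xml, oval_xml):
    """Failed rule, then OVAL definition, then tests that were not true."""
    return {rule: {d: failing_tests(oval_xml, d) for d in defs}
            for rule, defs in failed_rules(xccdf_xml).items()}

def sample_documents():
    """Constructed, heavily reduced stand-ins for the two result files."""
    x = ET.Element("{http://checklists.nist.gov/xccdf/1.1}TestResult")
    for rule, res in (("rule-a", "fail"), ("rule-b", "pass")):
        rr = ET.SubElement(x, "rule-result", idref=rule)
        ET.SubElement(rr, "result").text = res
        chk = ET.SubElement(rr, "check")
        ET.SubElement(chk, "check-content-ref", name="oval:example:def:1")
    o = ET.Element("oval_results")
    d = ET.SubElement(o, "definition", definition_id="oval:example:def:1", result="false")
    crit = ET.SubElement(d, "criteria", operator="AND", result="false")
    ET.SubElement(crit, "criterion", test_ref="oval:example:tst:1", result="true")
    ET.SubElement(crit, "criterion", test_ref="oval:example:tst:2", result="false")
    return ET.tostring(x, encoding="unicode"), ET.tostring(o, encoding="unicode")

if __name__ == "__main__":
    print(explain(*sample_documents()))
```
</pre>
The test ids it returns can then be looked up in the OVAL definitions file to see which object and state each test compares.<br>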
<br>
</body>
</html>