<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Thank you for clearing that up.<br>
<br>
<div class="moz-cite-prefix">On 2/27/15 9:40 AM, Shawn Wells wrote:<br>
</div>
<blockquote cite="mid:54F0AC13.2040108@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">On 2/27/15 12:33 PM, Ray Blair wrote:<br>
</div>
<blockquote cite="mid:54F0AA79.60601@comcast.net" type="cite">
<p class="MsoNormal"><span style="color:#1F497D">I am using
scap-security-guide-0.1.20.tar and OpenSCAP version 1.0.3.2
that ships with rhel7</span></p>
<p class="MsoNormal"><span style="color:#1F497D">The command I
am running is:</span></p>
<p class="MsoNormal"><span style="color:#1F497D">oscap xccdf
eval –profile stig-rhel7-server-upstream –cpe
ssg-rhel7-cpe-dictionary.xml –reports “somefilename”
--results “somefilename” ssg-rhel7-xccdf.xml</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span
style="color:#1F497D">It seems to run fine until I add more
checks. For instance if I enable check kdump service it
comes back with notchecked. I get the same results for most
additional checks. I have tried several iterations of
running with and without specifying the profile, cpe
dictionary file and have tried using a tailoring file and
get the same results.</span> </p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><span
style="color:#1F497D">I got the latest OpenSCAP version
(1.2.1-0.1) and compiled it with the --enable–sce option.
Now the results are notapplicable instead of notchecked. I
am not sure if this is progress. I also tried several other
compiler options with the same results . I am probably
missing something simple.</span> </p>
</blockquote>
<br>
SSG's RHEL7 content is still in active churn (which is part of why
it's not shipping in RHEL7 yet). Much of the underlying OVAL
content hasn't been ported from RHEL6 to RHEL7 yet, which is
likely causing the notchecked results. <br>
<br>
Here's the upstream repo of OVAL checks:<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/7/input/checks">https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/7/input/checks</a><br>
<br>
Or expressed another way, for the 406 RHEL7 XCCDF rules, only 131
have OVAL so far:<br>
$ grep -rin "<Rule" RHEL/7/input/ | wc -l<br>
406<br>
$ ls RHEL/7/input/checks/ | wc -l<br>
131<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Open-scap-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Open-scap-list@redhat.com">Open-scap-list@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/open-scap-list">https://www.redhat.com/mailman/listinfo/open-scap-list</a></pre>
</blockquote>
<br>
</body>
</html>