[Open-scap] SecState Evaluation

[Steve Grubb]

On Tuesday, December 11, 2012 09:59:02 PM Rodrian, Logan P wrote:
> Hello-
> 
> Along with the recent release of CLIP, I have begun using SecState to
> perform auditing and remediation for my system.  In performing these tasks
> and viewing the reports, I found that there were multiple issues with the
> checks being performed incorrectly.
> >From the common profile, which is what I am running, I found the following:
>     Check Incorrect (Pre Remediation)     15
>     Check Incorrect (Post Remediation)    15+19 (34)
> 
> I have compiled a spreadsheet documenting my findings.
> 
> I have contacted the SecState mailing list and I was directed to submit
> identified errors in the checks to this list.  I have attached 2 CSV files
> containing both the Pre and Post incorrectness as well as the larger XLS
> spreadsheet.

The problem could be in 3 places: the content, openscap, or secstate. Writing 
good content is hard. Much harder than it should be due to lack of good 
authoring tools. Perhaps you are on an old version of openscap and these are 
fixed?


> Please take a look at the findings.  If you could provide any detail on the
> status/state of these issues (are they already known?  are these new?)

What OS are you using?
What version of openscap?
What version of secstate?
What content and its version number?

Without any of these its hard to reproduce.


> and/or the planned date of future release that may include any fixes, it
> would be much appreciated.  Additionally, if there is a single point of
> contact appropriate to work with on this, that information would be useful.

This is the openscap list which provides its own security scanner, oscap. You 
may be asked to reproduce the problem using the oscap utility to see if there 
is still a problem. But lets start with just letting us know the versions of 
the different pieces.

Thanks,
-Steve