[Open-scap] EXTERNAL: Re: Issues with open-scap 0.9.1 and 0.9.2 on RHEL6 (UNCLASSIFIED)
Shaw, Ray V CTR (US)
ray.v.shaw.ctr at mail.mil
Tue Nov 20 18:18:26 UTC 2012
Classification: UNCLASSIFIED
Caveats: NONE
The --cpe option worked for me when using the scap-security-guide XCCDF
content, but not when using the RHEL5 STIG XCCDF content (though once I used
the sed fix on the STIG content, using the --cpe option as well seemed
harmless). I can live with that; it means I'll only have to modify files in
something I have to package myself anyway.
--
Ray Shaw
Contractor, STG
Unix support, Army Research Labs
> -----Original Message-----
> From: Albrecht, Thomas C [mailto:thomas.c.albrecht at lmco.com]
> Sent: Tuesday, November 20, 2012 11:45 AM
> To: Shaw, Ray V CTR (US); open-scap-list at redhat.com
> Subject: RE: EXTERNAL: Re: [Open-scap] Issues with open-scap 0.9.1 and
> 0.9.2 on RHEL6 (UNCLASSIFIED)
>
> FYI, the "sed" fix worked for me. The --cpe option did not.
>
> Tom Albrecht III, CISSP-ISSEP, GPEN
> Information Assurance Engineer
> Lockheed Martin IS&GS
>
> -----Original Message-----
> From: open-scap-list-bounces at redhat.com
> [mailto:open-scap-list-bounces at redhat.com] On Behalf Of Shaw, Ray V CTR
> (US)
> Sent: Tuesday, November 20, 2012 11:10 AM
> To: open-scap-list at redhat.com
> Subject: EXTERNAL: Re: [Open-scap] Issues with open-scap 0.9.1 and
> 0.9.2 on
> RHEL6 (UNCLASSIFIED)
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> > -----Original Message-----
> > From: Spencer R. Shimko [mailto:sshimko at tresys.com] Is this really
> > RHEL or is it CentOS?
> >
> > Recently we had to start stripping out platform tags to get accurate
> > results:
> > sed -i -r -e "s/<platform.*//g" /usr/local/scap-security-
> > guide/RHEL6/output/ssg-rhel6-xccdf.xml
>
> It's really RHEL. And thanks for the suggestion; modifying the content
> as
> above allows me to scan with both sets of content using 0.9.2. The
> scoring
> seems to be working much better for the STIG content (over 0.9.0), and
> a few
> checks that were incorrectly failing are now behaving as expected.
>
> (Just saw the reply from Simon Lukasik; I'll have to try the --cpe
> option as
> well.)
>
> Thanks all,
>
> --
> Ray Shaw
> Contractor, STG
> Unix support, Army Research Labs
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
Classification: UNCLASSIFIED
Caveats: NONE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5621 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20121120/c11a14fe/attachment.bin>
More information about the Open-scap-list
mailing list