[Open-scap] new to oscap. Question about oscap results

Simon Lukasik slukasik at redhat.com
Mon Oct 22 15:52:23 UTC 2012 

On 10/22/2012 04:49 PM, wm-lists wrote:
> I have downloaded the latest oscap files via git, and executed a profile
> on a RHEL6 box using the content, but my results seem to be full of
> *null* and maybe one or two *pass*. 
> 

That's definitely not expected. We've looked into this, but we are
failing to reproduce the issue.

Sometimes people happen to mix locally built oscap tool with globally
installed library. Can you please verify that the following versions do
matches for You:

  $ rpm -q openscap

  $ oscap --version | head -n 1

Also, are You able to reproduce this issues with package installed by
rpm? You can use rpm packages either
 - from your provider
 - our today's unofficial build at
http://repos.fedorapeople.org/repos/gitopenscap/openscap/epel-6/

> Am I missing a step here?  any guidance would be greatly appreciated.
>  I'm looking at integrating this with my employers Satellite
> installation and am very interested in the security implications of this.
> 

Great, good luck!

I wonder, if you really need latest openscap for this? Isn't the
official build of openscap from Your provider good enough?

> Thanks!
> Will
> 
> #oscap xccdf eval --profile server dist/content/ssg-rhel6-xccdf.xml
> 
> Rule ID:        partition_for_tmp
> Title:          Ensure /tmp Located On Separate Partition
> Result:         (null)
> 
> Rule ID:        partition_for_var
> Title:          Ensure /var Located On Separate Partition
> Result:         (null)
> 
> Rule ID:        partition_for_var_log
> Title:          Ensure /var/log Located On Separate Partition
> Result:         (null)
> 
> Rule ID:        partition_for_var_log_audit
> Title:          Ensure /var/log/audit Located On Separate Partition
> Result:         (null)
> 
> Rule ID:        partition_for_home
> Title:          Ensure /home Located On Separate Partition
> Result:         (null)
> 
> Rule ID:        ensure_redhat_gpgkey_installed
> Title:          Ensure Red Hat GPG Key Installed
> Result:         (null)
> 
> Rule ID:        service_rhnsd_disabled
> Title:          Disable Red Hat Network Service (rhnsd)
> Result:         (null)
> 
> Rule ID:        security_patches_up_to_date
> Title:          Ensure Software Patches Installed
> Result:         (null)
> 
> Rule ID:        ensure_gpgcheck_globally_activated
> Title:          Ensure gpgcheck Enabled In Main Yum Configuration
> Result:         (null)
> 
> Rule ID:        ensure_gpgcheck_never_disabled
> Title:          Ensure gpgcheck Enabled For All Yum Package Repositories
> Result:         (null)
> 
> 
> 
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list


-- 
Simon Lukasik
Security Technologies

More information about the Open-scap-list mailing list