[Open-scap] new to oscap. Question about oscap results

wm-lists wm-lists at nixpeeps.com
Mon Oct 22 16:36:05 UTC 2012 

I'm using the openscap rpm's from Red Hat (via RHN)
# rpm -q openscap
openscap-0.8.0-2.el6.x86_64

# oscap --version | head -n 1
OSCAP util (oscap) 0.8.0

As far as the content goes, that is the content I downloaded via git this
morning.
I can reproduce the "null"'s pretty much everytime.


On Mon, Oct 22, 2012 at 11:52 AM, Simon Lukasik <slukasik at redhat.com> wrote:

> On 10/22/2012 04:49 PM, wm-lists wrote:
> > I have downloaded the latest oscap files via git, and executed a profile
> > on a RHEL6 box using the content, but my results seem to be full of
> > *null* and maybe one or two *pass*.
> >
>
> That's definitely not expected. We've looked into this, but we are
> failing to reproduce the issue.
>
> Sometimes people happen to mix locally built oscap tool with globally
> installed library. Can you please verify that the following versions do
> matches for You:
>
>   $ rpm -q openscap
>
>   $ oscap --version | head -n 1
>
> Also, are You able to reproduce this issues with package installed by
> rpm? You can use rpm packages either
>  - from your provider
>  - our today's unofficial build at
> http://repos.fedorapeople.org/repos/gitopenscap/openscap/epel-6/
>
> > Am I missing a step here?  any guidance would be greatly appreciated.
> >  I'm looking at integrating this with my employers Satellite
> > installation and am very interested in the security implications of this.
> >
>
> Great, good luck!
>
> I wonder, if you really need latest openscap for this? Isn't the
> official build of openscap from Your provider good enough?
>
> > Thanks!
> > Will
> >
> > #oscap xccdf eval --profile server dist/content/ssg-rhel6-xccdf.xml
> >
> > Rule ID:        partition_for_tmp
> > Title:          Ensure /tmp Located On Separate Partition
> > Result:         (null)
> >
> > Rule ID:        partition_for_var
> > Title:          Ensure /var Located On Separate Partition
> > Result:         (null)
> >
> > Rule ID:        partition_for_var_log
> > Title:          Ensure /var/log Located On Separate Partition
> > Result:         (null)
> >
> > Rule ID:        partition_for_var_log_audit
> > Title:          Ensure /var/log/audit Located On Separate Partition
> > Result:         (null)
> >
> > Rule ID:        partition_for_home
> > Title:          Ensure /home Located On Separate Partition
> > Result:         (null)
> >
> > Rule ID:        ensure_redhat_gpgkey_installed
> > Title:          Ensure Red Hat GPG Key Installed
> > Result:         (null)
> >
> > Rule ID:        service_rhnsd_disabled
> > Title:          Disable Red Hat Network Service (rhnsd)
> > Result:         (null)
> >
> > Rule ID:        security_patches_up_to_date
> > Title:          Ensure Software Patches Installed
> > Result:         (null)
> >
> > Rule ID:        ensure_gpgcheck_globally_activated
> > Title:          Ensure gpgcheck Enabled In Main Yum Configuration
> > Result:         (null)
> >
> > Rule ID:        ensure_gpgcheck_never_disabled
> > Title:          Ensure gpgcheck Enabled For All Yum Package Repositories
> > Result:         (null)
> >
> >
> >
> > _______________________________________________
> > Open-scap-list mailing list
> > Open-scap-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/open-scap-list
>
>
> --
> Simon Lukasik
> Security Technologies
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20121022/225fa5f7/attachment.htm>

More information about the Open-scap-list mailing list