[Open-scap] new to oscap. Question about oscap results

wm-lists wm-lists at nixpeeps.com
Mon Oct 22 16:45:57 UTC 2012


As a follow-up, I'm guessing it has something to do with the very old RPMs
that Red Hat is currently using.  I upgraded the RPMs to 0.9.0-1 and
everything worked great.

# rpm -qa openscap
openscap-0.9.0-1.el6.x86_64
# oscap --version | head -1
OSCAP util (oscap) 0.9.0

# oscap xccdf eval --profile common output/ssg-rhel6-xccdf.xml

Rule ID:        partition_for_tmp
Title:          Ensure /tmp Located On Separate Partition
Result:         pass

Rule ID:        partition_for_var
Title:          Ensure /var Located On Separate Partition
Result:         pass

Rule ID:        partition_for_var_log
Title:          Ensure /var/log Located On Separate Partition
Result:         fail

Rule ID:        partition_for_var_log_audit
Title:          Ensure /var/log/audit Located On Separate Partition
Result:         fail

Rule ID:        partition_for_home
Title:          Ensure /home Located On Separate Partition
Result:         pass

Rule ID:        ensure_redhat_gpgkey_installed
Title:          Ensure Red Hat GPG Key Installed
Result:         pass

Rule ID:        service_rhnsd_disabled
Title:          Disable Red Hat Network Service (rhnsd)
Result:         fail

Rule ID:        security_patches_up_to_date
Title:          Ensure Software Patches Installed
Result:         notchecked

Rule ID:        ensure_gpgcheck_globally_activated
Title:          Ensure gpgcheck Enabled In Main Yum Configuration
Result:         pass

Rule ID:        ensure_gpgcheck_never_disabled
Title:          Ensure gpgcheck Enabled For All Yum Package Repositories
Result:         pass

Rule ID:        install_aide
Title:          Install AIDE
Result:         fail

Rule ID:        enable_selinux_bootloader
Title:          Ensure SELinux Not Disabled in /etc/grub.conf
Result:         pass

Rule ID:        no_rsh_trust_files
Title:          Remove Rsh Trust Files
Result:         pass


On Mon, Oct 22, 2012 at 12:36 PM, wm-lists <wm-lists at nixpeeps.com> wrote:

> I'm using the openscap RPMs from Red Hat (via RHN)
> # rpm -q openscap
> openscap-0.8.0-2.el6.x86_64
>
> # oscap --version | head -n 1
> OSCAP util (oscap) 0.8.0
>
> As far as the content goes, that is the content I downloaded via git this
> morning.
> I can reproduce the "null"s pretty much every time.
>
>
> On Mon, Oct 22, 2012 at 11:52 AM, Simon Lukasik <slukasik at redhat.com> wrote:
>
>> On 10/22/2012 04:49 PM, wm-lists wrote:
>> > I have downloaded the latest oscap files via git, and executed a profile
>> > on a RHEL6 box using the content, but my results seem to be full of
>> > *null* and maybe one or two *pass*.
>> >
>>
>> That's definitely not expected. We've looked into this, but we are
>> failing to reproduce the issue.
>>
>> Sometimes people happen to mix a locally built oscap tool with a globally
>> installed library. Can you please verify that the following versions
>> match for you:
>>
>>   $ rpm -q openscap
>>
>>   $ oscap --version | head -n 1
>>
>> Also, are you able to reproduce this issue with the package installed by
>> rpm? You can use rpm packages either
>>  - from your provider
>>  - our today's unofficial build at
>> http://repos.fedorapeople.org/repos/gitopenscap/openscap/epel-6/
>>
>> > Am I missing a step here?  Any guidance would be greatly appreciated.
>> >  I'm looking at integrating this with my employer's Satellite
>> > installation and am very interested in the security implications of
>> > this.
>> >
>>
>> Great, good luck!
>>
>> I wonder if you really need the latest openscap for this? Isn't the
>> official build of openscap from your provider good enough?
>>
>> > Thanks!
>> > Will
>> >
>> > #oscap xccdf eval --profile server dist/content/ssg-rhel6-xccdf.xml
>> >
>> > Rule ID:        partition_for_tmp
>> > Title:          Ensure /tmp Located On Separate Partition
>> > Result:         (null)
>> >
>> > Rule ID:        partition_for_var
>> > Title:          Ensure /var Located On Separate Partition
>> > Result:         (null)
>> >
>> > Rule ID:        partition_for_var_log
>> > Title:          Ensure /var/log Located On Separate Partition
>> > Result:         (null)
>> >
>> > Rule ID:        partition_for_var_log_audit
>> > Title:          Ensure /var/log/audit Located On Separate Partition
>> > Result:         (null)
>> >
>> > Rule ID:        partition_for_home
>> > Title:          Ensure /home Located On Separate Partition
>> > Result:         (null)
>> >
>> > Rule ID:        ensure_redhat_gpgkey_installed
>> > Title:          Ensure Red Hat GPG Key Installed
>> > Result:         (null)
>> >
>> > Rule ID:        service_rhnsd_disabled
>> > Title:          Disable Red Hat Network Service (rhnsd)
>> > Result:         (null)
>> >
>> > Rule ID:        security_patches_up_to_date
>> > Title:          Ensure Software Patches Installed
>> > Result:         (null)
>> >
>> > Rule ID:        ensure_gpgcheck_globally_activated
>> > Title:          Ensure gpgcheck Enabled In Main Yum Configuration
>> > Result:         (null)
>> >
>> > Rule ID:        ensure_gpgcheck_never_disabled
>> > Title:          Ensure gpgcheck Enabled For All Yum Package Repositories
>> > Result:         (null)
>> >
>> >
>> >
>>
>>
>> --
>> Simon Lukasik
>> Security Technologies
>>
>
>
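
The two checks discussed in this thread, as an added example (not code from the thread or from the OpenSCAP project): confirm that `rpm -q openscap` and `oscap --version` name the same version, and flag every rule whose Result is not a valid XCCDF value, such as the `(null)` entries quoted above. It assumes the text output format shown in the thread; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for an `oscap xccdf eval` run.

# Result values defined by XCCDF. Anything else, such as "(null)", means the
# scanner produced no verdict for that rule.
VALID_RESULTS="pass fail error unknown notapplicable notchecked notselected informational fixed"

# `rpm -q openscap` output -> upstream version (openscap-0.8.0-2.el6.x86_64 -> 0.8.0)
rpm_version() {
    printf '%s\n' "$1" | sed -n 's/^openscap-\([0-9][0-9.]*\)-.*$/\1/p'
}

# First line of `oscap --version` -> version ("OSCAP util (oscap) 0.8.0" -> 0.8.0)
tool_version() {
    printf '%s\n' "$1" | sed -n '1s/^OSCAP util (oscap) \([0-9][0-9.]*\).*$/\1/p'
}

# Succeeds only when both strings parse and name the same version.
versions_match() {
    r=$(rpm_version "$1")
    t=$(tool_version "$2")
    [ -n "$r" ] && [ "$r" = "$t" ]
}

# Reads eval output on stdin; prints the ID of every rule whose Result is not
# a valid XCCDF value.
invalid_rules() {
    awk -v valid="$VALID_RESULTS" '
        BEGIN { n = split(valid, v, " "); for (i = 1; i <= n; i++) ok[v[i]] = 1 }
        $1 == "Rule" && $2 == "ID:" { id = $3 }
        $1 == "Result:" && !($2 in ok) { print id }
    '
}

# Reads eval output on stdin; prints "result count" pairs, sorted by result.
tally_results() {
    awk '$1 == "Result:" { c[$2]++ } END { for (r in c) print r, c[r] }' | LC_ALL=C sort
}

# Constructed sample: rule IDs and results taken from both runs in this thread.
SAMPLE='Rule ID:        partition_for_tmp
Result:         pass
Rule ID:        install_aide
Result:         fail
Rule ID:        partition_for_home
Result:         (null)'

printf '%s\n' "$SAMPLE" | tally_results
printf '%s\n' "$SAMPLE" | invalid_rules
```

On a live host, pipe `oscap xccdf eval ...` into `invalid_rules` and treat any output as a broken scan rather than a compliance result.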