[Open-scap] OpenSCAP Error, Missing Library?
Gary Gapinski
Gapinski at nasa.gov
Fri Apr 19 10:38:05 UTC 2013
Hello, Anthony:
On 04/18/2013 10:16 AM, Anthony Davis wrote:
> …Only my next problem though, it seems to hang during the cans, namely on
>
> Rule ID: SV-37379r1_rule
> Title: All interactive user home directories defined in the /etc/passwd file must exist.
>
> I am running with: /usr/bin/oscap xccdf eval --results /tmp/tmpYp6_Ec --skip-valid --profile=MAC-1_Public /tmp/U_RedHat_5-V1R1_STIG_Benchmark-xccdf.xml
>
> and the rule after it, is there a way to get a more granular output to see whats going on and find out why it is hanging? The system only has the bog standard redhat users on it, cant be more than 20 system users so I dont think it is due to volume of dirs it has to check?…
Have you a link to a copy of the XCCDF and OVAL you are using?
I can take a look (primarily looking for "expensive" OVAL tests such as
those which traverse all file systems searching for "unowned" files and
the like).
A variant of this would be to temporarily disable all but a single XCCDF
<Rule> (an innocuous one other than the one(s) suspected) by commenting
out any <Profile> <select>s activating all other <Rule>s, or, if there
are no such <select>s, altering the selected attribute of all other
<Rule>s to false. And then run the scan again.
Regards,
Gary
More information about the Open-scap-list
mailing list