[Open-scap] OSCAP Debug Pointers

[Simon Lukasik]

On 12/12/2013 10:48 PM, Matthew Mariani wrote:
> Hi List,
> 
Hello Matthew,

> I'm adding a new check into the rht-ccp profile and getting some errors
> during oscap runtime.  Are there best practices (documented or
> otherwise) for debug?

Yes there are; for debugging we use

    http://www.open-scap.org/page/Debug

However, that is not always necessary.

>  Log files?
> 
> [root at rhel6client ~]# oscap xccdf eval --profile rht-ccp --cpe
> /root/projects/scap-security-guide/RHEL6/output/ssg-rhel6-cpe-dictionary.xml
> --results /root/rht-ccp-results.new.xml --report
> /root/rht-ccp-report.new.html
> /root/projects/scap-security-guide/RHEL6/output/ssg-rhel6-xccdf.xml

Could you please add `--oval-results' option to the command-line?

OpenSCAP will then produce output OVAL files: *.result.xml in working
directory. There might be some clues in them.

Otherwise, could you please share your ssg-rhel6-oval.xml with us? Or
ideally a minimized test-case which triggers this issue.

> Title   Check for Non-RH Signed Pacakages
> Rule    ccp_check_for_nonRH_packages
> Ident   (null)
> Result  unknown  <---- ** This is my test, it fails to evaluate
> ...
> Other tests run ok
> ...
> OpenSCAP Error: No definition with ID: oval:ssg:def:3121 in result
> model. [oval_agent.c:180]   <-- oscap ends with this error. 
> oval:ssg:def:3121 is my new check as can be observed in the oval and
> xccdf files below.
> [root at rhel6client output]# pwd
> /root/projects/scap-security-guide/RHEL6/output
> [root at rhel6client output]# grep "oval:ssg:def:3121" *
> ssg-ocilrefs-rhel6-xccdf.xml:            <check-content-ref
> name="oval:ssg:def:3121" href="ssg-rhel6-oval.xml"/>
> ssg-rhel6-oval.xml:    <definition class="compliance"
> id="oval:ssg:def:3121" version="1">
> ssg-rhel6-xccdf.xml:            <check-content-ref
> name="oval:ssg:def:3121" href="ssg-rhel6-oval.xml"/>
> 
> Any help is appreciated.  Thanks,
> -Matt
> 

Best regards,

-- 
Simon Lukasik
Security Technologies