[Open-scap] Need help understanding RHEL STIG findings

Snyder, Chris Chris_Snyder at sra.com
Wed Jan 30 22:00:15 UTC 2013


Adding the '-oval-results' flag to my run gave me more data. My output looks more like yours in format now.

Thx.
Chris.

From: open-scap-list-bounces at redhat.com [mailto:open-scap-list-bounces at redhat.com] On Behalf Of Shawn Wells
Sent: Wednesday, January 30, 2013 12:58 PM
To: open-scap-list at redhat.com
Subject: Re: [Open-scap] Need help understanding RHEL STIG findings

On 1/30/13 11:38 AM, Snyder, Chris wrote:
I'm trying to understand my findings from applying the latest RHEL5 STIG Benchmark against one of my RHEL5 hosts.  The results appear to indicate some false positives and I don't know how to determine if that is indeed the case or not.  Ultimately, I would love to gain more insight into how to determine what tests are being performed by openscap for a given STIG/XCCDF/OVAL item or at least how to find out the results of the tests being run, i.e. I want to understand WHY openscap is reporting these items as failed.

To make things a bit more consumable you can utilize OpenSCAP's "generate guide," turning the STIG into something that is actually readable:

$ oscap xccdf generate guide \
/tmp/U_RedHat_5-V1R1_STIG_Benchmark-xccdf.xml \
> /tmp/U_RedHat_5-V1R1_STIG_Benchmark.html

Pull up /tmp/U_RedHat_5-V1R1_STIG_Benchmark.html in your favorite browser and look around.


When you run a scan you can have OpenSCAP generate an HTML report which gives more details around failures:

$ sudo sh -c "oscap xccdf eval --profile MAC-1_Public \
--results stig-xccdf-results.xml \
--report /tmp/`hostname`-stigscanresults.html \
--oval-results \
--cpe-dict /tmp/U_RedHat_5-V1R1_STIG_Benchmark-cpe-dictionary.xml \
/tmp/U_RedHat_5-V1R1_STIG_Benchmark-xccdf.xml"

View /tmp/`hostname`-stigscanresults.html in your browser and click on some of the failed items. Many give you details under the "Remediation Script" section.

Here is my report against a generic RHEL 5.8 install, for example:
https://blog-shawndwells.rhcloud.com/wp-content/uploads/2012/10/stigscanresults-beforeaqueduct.html

Here is the process that I use for STIGing a RHEL5 box, using OpenSCAP+Aqueduct:
https://blog-shawndwells.rhcloud.com/2012/10/how-to-stig-a-red-hat-enterprise-linux-rhel5-machine/
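The `--results` and `--oval-results` files the scan above writes can be cross-referenced to see which OVAL test actually failed behind each failing XCCDF rule. This is an added example, not from the thread or from OpenSCAP; it assumes the XCCDF 1.1 and OVAL 5 results namespaces and runs on constructed sample documents with placeholder ids.

```python
import xml.etree.ElementTree as ET

# XCCDF 1.1 results and OVAL 5 results namespaces (as produced by oscap).
NS = {"x": "http://checklists.nist.gov/xccdf/1.1",
      "r": "http://oval.mitre.org/XMLSchema/oval-results-5"}

# Constructed sample files: one failing rule, one passing rule, with the
# OVAL definitions and tests they refer to. All ids are placeholders.
XCCDF_RESULTS = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1"><TestResult>
 <rule-result idref="rule-perms"><result>fail</result>
  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
   <check-content-ref href="oval.xml" name="oval:x:def:1"/></check></rule-result>
 <rule-result idref="rule-banner"><result>pass</result>
  <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
   <check-content-ref href="oval.xml" name="oval:x:def:2"/></check></rule-result>
</TestResult></Benchmark>"""
OVAL_RESULTS = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
 <results><system><definitions>
  <definition definition_id="oval:x:def:1" result="false"><criteria result="false">
   <criterion test_ref="oval:x:tst:10" result="false"/>
   <criterion test_ref="oval:x:tst:11" result="true"/></criteria></definition>
  <definition definition_id="oval:x:def:2" result="true"><criteria result="true">
   <criterion test_ref="oval:x:tst:20" result="true"/></criteria></definition>
 </definitions></system></results></oval_results>"""

def failed_rules(xccdf_xml, oval_xml):
    """Map each failing XCCDF rule to (OVAL definition id, [failing test ids])."""
    bench, oval = ET.fromstring(xccdf_xml), ET.fromstring(oval_xml)
    # definition id -> {test_ref: criterion result} from the OVAL results file
    crit = {d.get("definition_id"): {c.get("test_ref"): c.get("result")
                                      for c in d.iterfind(".//r:criterion", NS)}
            for d in oval.iterfind(".//r:definition", NS)}
    out = {}
    for rr in bench.iterfind(".//x:rule-result", NS):
        if rr.findtext("x:result", namespaces=NS) != "fail":
            continue
        # The rule's check points at the OVAL definition that was evaluated.
        ref = rr.find("x:check/x:check-content-ref", NS)
        def_id = ref.get("name") if ref is not None else None
        failing = [t for t, res in crit.get(def_id, {}).items() if res == "false"]
        out[rr.get("idref")] = (def_id, failing)
    return out

if __name__ == "__main__":
    # For a real scan, read the --results and --oval-results output files instead.
    for rule, (def_id, tests) in failed_rules(XCCDF_RESULTS, OVAL_RESULTS).items():
        print(f"{rule} -> {def_id}; failing OVAL tests: {', '.join(tests)}")
```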


