[Open-scap] Offline mode scanning

[Richard W.M. Jones]

On Mon, May 13, 2013 at 04:34:20PM +0200, Daniel Kopecek wrote:
> Hello,
>  for some time now I've been working on a simple solution for
> scanning images of virtual hosts with the OpenSCAP library.
> We've been thinking about this for a time now, but the real work
> towards a solution came after a discussion with
> Richard W.M. Jones who came with two proposals. We've decided to try
> the simple-but-not-so-robust one first -- just use
> guestmount to mount the virtual host image somewhere and chroot()
> the OpenSCAP probes there.
> 
> The implementation is now ready to be tested. It's available in our
> git repository in the offline-mode branch. If the testing
> doesn't reveal any serious issues or regressions, I'll merge it into
> the master branch. Please read the "how to test" section
> bellow if you want to try out the feature. Please report bugs if you
> find some or write your suggestions if you have some.

I ran guestmount with debugging enabled so I could see the disk
accesses (and verify that it's really accessing the guest, not the
host).  I can confirm it is accessing the guest.

sudo guestmount -a /dev/fedora/f18x64 -i --ro /tmp/mnt -x

This was the command I used to scan the guest:

sudo OSCAP_PROBE_ROOT=/tmp/mnt OSCAP_PROBE_OS_NAME=Linux OSCAP_PROBE_OS_VERSION=3.2 OSCAP_PROBE_ARCHITECTURE=x86_64 OSCAP_PROBE_PRIMARY_HOST_NAME=f18x64 ./run ./utils/oscap xccdf eval --profile F14-Default ./dist/fedora/scap-fedora14-xccdf.xml

It all appears to be working, although several tests failed (as
expected).

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top