[Open-scap] Getting actual violations from OVAL results && USING xslt IN OSCAP

Martin Preisler mpreisle at redhat.com
Wed Apr 23 13:51:30 UTC 2014


----- Original Message -----
> From: "AVNISH CHANDRA SUMAN" <avnishchandrasuman at gmail.com>
> Cc: open-scap-list at redhat.com
> Sent: Wednesday, April 23, 2014 3:15:43 PM
> Subject: Re: [Open-scap] Getting actual violations from OVAL results && USING xslt IN OSCAP
> 
> By "actual violations" I mean, rather than printing "true/false" as OVAL
> results, I want to print a message that helps users to correct the item
> that caused the error, e.g.:
> *File /var/yp/abc.txt owned by user_id 0*

This helped a lot! You probably should have started with this.

> 
> I want to print a minimum set of such items (after evaluating
> criteria/criterion/logical operators/negate/result) that will help the user
> to make the system compliant. Now, the OVAL result XML has all the tested_items
> that failed/passed. I can't just print the failed items. I need to evaluate
> conditions such as "negate" and "logical operators" and determine by
> correcting which tested_items I can make the system compliant.
> 
> eg.
> > <definition definition_id="abc:1" result="false">
> >   <criteria operator="AND" result="false">
> >     <criterion testref="xyz" result="false"/>
> >     <criteria result="true">
> >       <criterion testref="wxy" result="false" negate="true"/>
> >     </criteria>
> >   </criteria>
> > </definition>
> > <tests>
> >   <test id="xyz" result="false">
> >     <tested_item id="123" result="false"/>
> >     <tested_item id="456" result="true"/>
> >   </test>
> >   <test id="wxy" result="false">
> >     <tested_item id="789" result="false"/>
> >   </test>
> > </tests>
> >
> > In this case, only by correcting item "123" can I make the rule evaluate to true.
> >
> 
> I have already written Java code using DOM that prints such violations
> by traversing the DOM tree from definition to criterion and getting the tests
> and tested_items.
> 
> I saw that open-scap has an option called
> "oscap xccdf generate report --oval-template"
> to get failed items in a report.

openscap does this in the XSLT reports; AFAIK we only support it in the XCCDF report. The OVAL report XSLT is fairly simplistic compared to the XCCDF report one.

You can try `oscap oval generate` but if you want this functionality you will have to make changes to the XSLT. 

> 
> Does this option do what I am trying to do, or does it just print any
> tested_item that failed?
> Is there any way to run "oscap xccdf generate report --oval-template"
> without an XCCDF result file?

No.

-- 
Martin Preisler
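
The traversal discussed in this thread, as an added example that is not part of the original messages and is not OpenSCAP code: it walks the criteria tree, applies `negate` and the logical operators, and returns the smallest set of tested_items that has to change for a definition to pass. Assumptions: it uses the simplified element and attribute names of the quoted example (real OVAL result files are namespaced and follow the full schema, so the lookups would need adapting), it supports only AND/OR, it treats a test as passing only when all of its tested_items pass, and the function names `fixes` and `violations` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the example quoted in the thread, made well-formed.
SAMPLE = """<results>
  <definition definition_id="abc:1" result="false">
    <criteria operator="AND" result="false">
      <criterion testref="xyz" result="false"/>
      <criteria result="true">
        <criterion testref="wxy" result="false" negate="true"/>
      </criteria>
    </criteria>
  </definition>
  <tests>
    <test id="xyz" result="false">
      <tested_item id="123" result="false"/>
      <tested_item id="456" result="true"/>
    </test>
    <test id="wxy" result="false">
      <tested_item id="789" result="false"/>
    </test>
  </tests>
</results>"""

def fixes(node, tests, want=True):
    """Smallest set of tested_item ids that must flip for `node` to equal `want`."""
    if node.get("negate") == "true":
        want = not want                  # negate inverts what the subtree must yield
    if node.tag == "criterion":
        items = tests[node.get("testref")]
        failing = {i for i, ok in items.items() if not ok}
        if want:                         # assumption: test passes only if all items pass
            return failing
        # Test must fail: already does if any item fails, else one item must flip.
        return set() if failing else set(list(items)[:1])
    operator = node.get("operator", "AND")
    if operator not in ("AND", "OR"):
        raise ValueError(f"unsupported operator {operator}")
    parts = [fixes(child, tests, want) for child in node]
    if (operator == "AND") == want:      # AND->true or OR->false: every child counts
        return set().union(*parts)
    return min(parts, key=len, default=set())  # otherwise the cheapest child suffices

def violations(xml_text):
    """Map each definition id to the sorted item ids to correct (empty = passes)."""
    root = ET.fromstring(xml_text)
    tests = {t.get("id"): {i.get("id"): i.get("result") == "true"
                           for i in t.iter("tested_item")} for t in root.iter("test")}
    return {d.get("definition_id"): sorted(fixes(d.find("criteria"), tests))
            for d in root.iter("definition")}
```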



