[Open-scap] notchecked result
Ray Blair
rcblair at comcast.net
Sat Feb 28 08:49:12 UTC 2015
Thank you for clearing that up.
On 2/27/15 9:40 AM, Shawn Wells wrote:
>
> On 2/27/15 12:33 PM, Ray Blair wrote:
>>
>> I am using scap-security-guide-0.1.20.tar and OpenSCAP version
>> 1.0.3.2 that ships with rhel7
>>
>> The command I am running is:
>>
>> oscap xccdf eval –profile stig-rhel7-server-upstream –cpe
>> ssg-rhel7-cpe-dictionary.xml –reports “somefilename” --results
>> “somefilename” ssg-rhel7-xccdf.xml
>>
>> It seems to run fine until I add more checks. For instance if I
>> enable check kdump service it comes back with notchecked. I get the
>> same results for most additional checks. I have tried several
>> iterations of running with and without specifying the profile, cpe
>> dictionary file and have tried using a tailoring file and get the
>> same results.
>>
>> I got the latest OpenSCAP version (1.2.1-0.1) and compiled it with
>> the --enable–sce option. Now the results are notapplicable instead of
>> notchecked. I am not sure if this is progress. I also tried several
>> other compiler options with the same results . I am probably missing
>> something simple.
>>
>
> SSG's RHEL7 content is still in active churn (which is part of why
> it's not shipping in RHEL7 yet). Much of the underlying OVAL content
> hasn't been ported from RHEL6 to RHEL7 yet, which is likely causing
> the notchecked results.
>
> Here's the upstream repo of OVAL checks:
> https://github.com/OpenSCAP/scap-security-guide/tree/master/RHEL/7/input/checks
>
> Or expressed another way, for the 406 RHEL7 XCCDF rules, only 131 have
> OVAL so far:
> $ grep -rin "<Rule" RHEL/7/input/ | wc -l
> 406
> $ ls RHEL/7/input/checks/ | wc -l
> 131
>
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20150228/c3e1211f/attachment.htm>
More information about the Open-scap-list
mailing list