[Open-scap] Using CIS Security Benchmarks with OpenSCAP

Mosley, Graham A. (GSFC-6062)[GSFC - HIGHER EDUCATION] graham.mosley at nasa.gov
Fri Jun 26 17:39:33 UTC 2015


It looks like section 9.2.13 contains the unusual namespace (this is what Steve Grubb mentioned). CIS-CAT provides the schema x-unix-invalidhomedirownership.xml and I tried copying this into the OpenSCAP schema directory but it didn’t seem to work.

I removed all references to 9.2.13 and was able to run a scan with OpenSCAP 1.2.3 using the --skip-valid option. I did have 3 errors on sections 9.2.2-4 but that may be unrelated.

My plan is to test using OpenSCAP 1.2.4 to see if the improved OVAL 5.11 support changes anything.

On Jun 26, 2015, at 1:24 PM, Gary Gapinski <gapinski at nasa.gov> wrote:

On 06/26/2015 10:29 AM, Gary Gapinski wrote:
My suspicion is that the content (benchmarks) itself has been extended past SCAP 1.2.

Looking at the June 2015 CIS-CAT release and its CentOS 7 OVAL content, I find neither oscap nor my validating editor likes it.

oscap oval validate CIS_CentOS_Linux_7_Benchmark_v1.1.0-oval.xml fails.

That document has at least three errors, one of which is the presence of an unusual namespace http://oval.mitre.org/XMLSchema/x-unix-invalidhomedirownership which is used at lines 4346 and 5560.

The document asserts it is OVAL v5.11.
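
Added example, not part of the original thread or of OpenSCAP: a small Python script that lists every element of an OVAL document that lives in an extension namespace such as the x-unix-invalidhomedirownership one named above, with its line number and the nearest enclosing `id`, so the affected tests can be traced back to benchmark sections before they are removed. The "standard schema names start with `oval-`" rule is a heuristic assumed here, and the sample document, its ids and its element names are constructed.

```python
import sys
import xml.parsers.expat

OVAL_BASE = "http://oval.mitre.org/XMLSchema/"

def is_nonstandard(ns):
    # Heuristic (assumption): standard OVAL 5.x schema namespaces under
    # OVAL_BASE are named "oval-..."; anything else there is an extension.
    return ns.startswith(OVAL_BASE) and not ns[len(OVAL_BASE):].startswith("oval-")

def find_nonstandard(xml_bytes):
    """Return [(line, namespace, local_name, nearest_enclosing_id), ...]."""
    hits, id_stack = [], []
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")

    def start(name, attrs):
        # With namespace processing on, expat reports names as "uri local".
        ns, _, local = name.rpartition(" ")
        inherited = id_stack[-1] if id_stack else None
        id_stack.append(attrs.get("id") or inherited)
        if is_nonstandard(ns):
            hits.append((parser.CurrentLineNumber, ns, local, id_stack[-1]))

    def end(name):
        id_stack.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(xml_bytes, True)
    return hits

# Constructed sample; only the extension namespace URI comes from the thread.
SAMPLE = b"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <tests>
    <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:example:tst:1"/>
    <invalidhomedirownership_test xmlns="http://oval.mitre.org/XMLSchema/x-unix-invalidhomedirownership" id="oval:example:tst:2">
      <object object_ref="oval:example:obj:2"/>
    </invalidhomedirownership_test>
  </tests>
</oval_definitions>"""

if __name__ == "__main__":
    # Pass a path to an OVAL file, or run with no argument to scan SAMPLE.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for line, ns, local, near_id in find_nonstandard(data):
        print(f"line {line}: <{local}> in {ns} (nearest id: {near_id})")
```

Child elements that inherit the extension namespace from their parent are reported as well, since they also have to go when the test is removed.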
