[Open-scap] oscap-ssh based remediation killing remote server
Fen Labalme
fen at civicactions.com
Thu Apr 21 22:14:04 UTC 2016
Hi,
I'm running oscap-ssh on CentOS 7 using oscap-user and the `sudo` option.
Running a scan on a remote server works great (thank you!):
    oscap-ssh sudo oscap-user@192.168.56.102 22 xccdf eval \
        --profile xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream \
        --results-arf scans/results-arf.xml --results scans/results.xml \
        --report scans/results.html scap/ssg-centos7-ds.xml
Then I run a remediation with the line:
    oscap-ssh sudo oscap-user@192.168.56.102 22 xccdf eval --remediate \
        --profile xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream \
        --results scans/remediation-results.xml --fetch-remote-resources \
        scap/ssg-centos7-ds.xml
This completely kills access to the server at 192.168.56.102 (via host or
dashboard).
Am I calling remediation incorrectly? Has anyone else seen anything like
this? No obvious errors are reported.
Suggestions on how to debug what step might be killing the server are
welcome. Note that it doesn't die until the SSH connection is closed, e.g.
after:
    Shared connection to 192.168.56.102 closed.
    oscap exit code: 2
    Copying back requested files...
    results.xml 100% 1889KB 1.9MB/s 00:00
    Removing remote temporary directory...
    Disconnecting ssh and removing master ssh socket directory...
    Exit request sent.
The exact steps I'm using are captured in a completely self-contained
ansible role test setup (that uses vagrant) documented - should you want to
recreate my process - at
https://github.com/openprivacy/ansible-role-govready/blob/master/tests/README.md
Thanks,
=Fen
--
Fen Labalme, CISO at CivicActions.com
Security | Quality | DevOps
mobile: 412-996-4113
github/skype/twitter: openprivacy
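
One way to narrow down which remediation step is responsible, as an added example that is not part of the original post: list the rules the `--remediate` run actually changed, using the XCCDF results file that oscap-ssh copies back. The sample XML and its rule ids are constructed; the script assumes XCCDF 1.2 results, where a rule whose fix ran is reported as `fixed` (fix applied, re-check passed) or `error`.

```python
import sys
import xml.etree.ElementTree as ET

XCCDF_NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}

# Constructed sample standing in for scans/remediation-results.xml.
SAMPLE_RESULTS = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <TestResult id="xccdf_example_testresult_demo">
    <rule-result idref="xccdf_example_rule_a"><result>pass</result></rule-result>
    <rule-result idref="xccdf_example_rule_b"><result>fixed</result></rule-result>
    <rule-result idref="xccdf_example_rule_c">
      <result>error</result>
      <message severity="info">remediation script exited with 1</message>
    </rule-result>
    <rule-result idref="xccdf_example_rule_d"><result>fail</result></rule-result>
  </TestResult>
</Benchmark>
"""


def changed_rules(xml_text, states=("fixed", "error")):
    """Return (rule id, result, messages) for rules whose remediation ran."""
    root = ET.fromstring(xml_text)
    hits = []
    for rr in root.iterfind(".//x:TestResult/x:rule-result", XCCDF_NS):
        result = rr.findtext("x:result", default="", namespaces=XCCDF_NS).strip()
        if result in states:
            msgs = [m.text.strip() for m in rr.iterfind("x:message", XCCDF_NS)
                    if m.text]
            hits.append((rr.get("idref"), result, msgs))
    return hits


if __name__ == "__main__":
    # Pass the real results file as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            text = fh.read()
    else:
        text = SAMPLE_RESULTS
    for rule_id, result, msgs in changed_rules(text):
        print(f"{result:6} {rule_id}")
        for msg in msgs:
            print(f"       {msg}")
```

The rules it lists are the candidates to review, for example those that alter SSH, firewall or account settings, before re-running the remediation on a snapshot of the VM.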