[Open-scap] Informational value

Jan Cerny jcerny at redhat.com
Mon Jul 4 11:25:24 UTC 2016 

Hi Rocio,

It should work always when using OVAL definitions.
This looks like a bug. Could you provide details, please?

Regards

Jan Černý
Security Technologies | Red Hat, Inc.

----- Original Message -----
> From: "Rocio Romero" <rocio at wazuh.com>
> To: "Jan Cerny" <jcerny at redhat.com>
> Cc: open-scap-list at redhat.com
> Sent: Friday, July 1, 2016 7:56:08 PM
> Subject: Re: [Open-scap] Informational value
> 
> Hi Jan,
> 
> Thank you so much for your answer! It was really helpful :)
> 
> I have one more question with the -oval-results option…. For some reason, it
> did’t show the details with a benchmark I have. I tried with other personal
> benchmark and that one worked. There is something needed in the xccdf or
> oval file to make it works? I reviewed both and I don’t know what is exactly
> happening :/
> 
> Thank you!
> 
> Rocio
> 
> 
> 
> 
> > On Jul 1, 2016, at 12:38 AM, Jan Cerny <jcerny at redhat.com> wrote:
> > 
> > Hi Rocio,
> > 
> > Yes, the result of an XCCDF check can be "informational".
> > The XCCDF specification [1] says that:
> > 
> > The <xccdf:Rule> was checked, but the output from the checking engine is
> > simply
> > information for auditors or administrators; it is not a compliance
> > category. This status value is
> > designed for <xccdf:Rule> elements whose main purpose is to extract
> > information from the
> > target rather than test the target.
> > 
> > From what I understand, this value is used for rules that are evaluated,
> > but not going to be
> > counted into the result score (do not affect the score). That happens if
> > you have an XCCDF rule
> > with attribute "role" set to "unscored".
> > However I am sorry I haven't found any check in OpenSCAP that is using
> > this.
> > 
> > Regarding your second question, OpenSCAP >= 1.2.2 can display OVAL results
> > in the HTML report if you run it with "--oval-results", eg.:
> > 
> > # oscap xccdf eval --results results.xml --oval-results --report
> > report.html my_benchmark.xml
> > 
> > The HTML report will look like in [2].
> > 
> > [1] http://csrc.nist.gov/publications/nistir/ir7275-rev4/NISTIR-7275r4.pdf
> > (page 43)
> > [2]
> > https://www.open-scap.org/wp-content/uploads/2015/09/ssg-rhel7-ds-xccdf.report.html
> > 
> > I hope this helps.
> > 
> > Best regards
> > 
> > Jan Černý
> > Security Technologies | Red Hat, Inc.
> > 
> > ----- Original Message -----
> >> From: "Rocio Romero" <rocio at wazuh.com>
> >> To: open-scap-list at redhat.com
> >> Sent: Thursday, June 30, 2016 9:50:34 PM
> >> Subject: [Open-scap] Informational value
> >> 
> >> Hi everyone,
> >> 
> >> I was taking a look to the possibles values we can get from a check in
> >> this
> >> webpage
> >> https://sadocs.emc.com/0_en-us/089_105InfCtr/215_SysAdm/ConfigurSTIG/30_OpenSCAPRpt
> >> .
> >> 
> >> I saw that “Informational” is a valid value. Could you please give me an
> >> example of this?
> >> 
> >> Also, I was wondering if there is any way to return some output from a
> >> check
> >> and put this output in the report (a friend ask me about that and I’m not
> >> sure 100%).
> >> 
> >> Thank you so much,
> >> 
> >> Rocio
> >> 
> >> _______________________________________________
> >> Open-scap-list mailing list
> >> Open-scap-list at redhat.com
> >> https://www.redhat.com/mailman/listinfo/open-scap-list
> 
>

More information about the Open-scap-list mailing list