[Open-scap] oscap-docker: OVAL vs XCCDF eval

Shawn Wells shawn at redhat.com
Thu Nov 17 00:00:14 UTC 2016


Attempting to use oscap-docker on a RHEL7 host, scanning RHEL7 containers.
I can use the OVAL scanner but not XCCDF eval. Is this a known issue?

e.g.

> # oscap-docker container rhel7.0 oval eval \
> --results oval-results.xml \
> --report report.html \
> /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml
> ......
> Definition oval:ssg-xwindows_runlevel_setting:def:1: true
> Definition oval:ssg-wireless_disable_interfaces:def:1: true
> Definition oval:ssg-var_umask_for_daemons_as_number:def:1: true
> Definition oval:ssg-var_removable_partition_is_cd_dvd_drive:def:1: unknown
> Definition oval:ssg-var_accounts_user_umask_as_number:def:1: true
> Definition oval:ssg-userowner_shadow_file:def:1: true
> ......


But if using an actual profile:
> # oscap-docker container rhel7.0 xccdf eval \
> --profile
> xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream \
> --results xccdf-results.xml \
> --report report.html \
> /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml
>
> OpenSCAP Error: Session input file was determined but it isn't an
> XCCDF file, a source datastream or an XCCDF tailoring file.
> [xccdf_session.c:135]
>
> Command: oscap xccdf eval --profile
> xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream
> --results oval-results.xml --report report.html
> /usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml failed!
>
> Error was:
>
> Command '['oscap', 'xccdf', 'eval', '--profile',
> 'xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream',
> '--results', 'oval-results.xml', '--report', 'report.html',
> '/usr/share/xml/scap/ssg/content/ssg-rhel7-oval.xml']' returned
> non-zero exit status 1

Also tried with XCCDF file, vs datastream:

> # oscap-docker container rhel7.0 xccdf eval \
> > --profile stig-rhel7-server-upstream \
> > --results xccdf-results.xml \
> > --report report.html \
> > /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
> WARNING: Skipping
> http://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2
> file which is referenced from XCCDF content
>
> Command: oscap xccdf eval --profile stig-rhel7-server-upstream
> --results xccdf-results.xml --report report.html
> /usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml failed!
>
> Error was:
>
> Command '['oscap', 'xccdf', 'eval', '--profile',
> 'stig-rhel7-server-upstream', '--results', 'xccdf-results.xml',
> '--report', 'report.html',
> '/usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml']' returned
> non-zero exit status 2
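
Added example (not part of the original post, and not OpenSCAP code): the first error above says `xccdf eval` only accepts an XCCDF file, a source datastream or a tailoring file, so this pre-flight check classifies a content file by its root element and confirms the requested profile id is present before a scan is launched. The function names and the inline samples are constructed for illustration, and the profile check assumes an exact id match.

```python
import io
import sys
import xml.etree.ElementTree as ET

# (namespace, root element) -> content type
ROOTS = {
    ("http://oval.mitre.org/XMLSchema/oval-definitions-5", "oval_definitions"): "oval",
    ("http://checklists.nist.gov/xccdf/1.1", "Benchmark"): "xccdf",
    ("http://checklists.nist.gov/xccdf/1.2", "Benchmark"): "xccdf",
    ("http://checklists.nist.gov/xccdf/1.2", "Tailoring"): "tailoring",
    ("http://scap.nist.gov/schema/scap/source/1.2", "data-stream-collection"): "datastream",
}
# Input types named in the "isn't an XCCDF file ..." error quoted in the post.
XCCDF_INPUTS = {"xccdf", "datastream", "tailoring"}

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def classify(content):
    """Content type of a SCAP file, decided from its root element alone."""
    try:
        for _event, elem in ET.iterparse(io.BytesIO(content), events=("start",)):
            return ROOTS.get(split_tag(elem.tag), "unknown")
    except ET.ParseError:
        pass  # empty or non-XML input
    return "unknown"

def profile_ids(content):
    """Ids of every XCCDF Profile in the file (plain Benchmark or datastream)."""
    found = []
    for _event, elem in ET.iterparse(io.BytesIO(content), events=("start",)):
        ns, local = split_tag(elem.tag)
        if local == "Profile" and ns.startswith("http://checklists.nist.gov/xccdf/"):
            found.append(elem.get("id"))
    return found

def preflight_xccdf(content, profile=None):
    """Return a list of problems; an empty list means the file suits xccdf eval."""
    kind = classify(content)
    if kind not in XCCDF_INPUTS:
        return ["xccdf eval needs XCCDF, datastream or tailoring input, got " + kind]
    if profile is not None and profile not in profile_ids(content):
        return ["profile id %r not found in file" % profile]
    return []

# Constructed samples (minimal stand-ins, not the real SSG content).
OVAL = b'<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"/>'
XCCDF = (b'<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="demo">'
         b'<Profile id="stig-rhel7-server-upstream"/></Benchmark>')

if __name__ == "__main__" and len(sys.argv) >= 2:  # usage: script FILE [PROFILE]
    with open(sys.argv[1], "rb") as fh:
        print(preflight_xccdf(fh.read(), *sys.argv[2:3]) or "ok")
```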




