[Open-scap] running a 64 bit machine but remediation creates 32 bit rules
Martin Preisler
mpreisle at redhat.com
Mon Apr 3 07:55:05 UTC 2017
That sounds like a bug.
We use "getconf LONG_BIT" to detect the arch. What does it return on
your machine?
Could you try with latest upstream - 0.1.32? Maybe this was fixed
upstream already.
On Thu, Mar 30, 2017 at 11:20 AM, Josh Moore <josh at tarokosoftware.com> wrote:
> Hi I am using oscap on centos 7.1 to run a PCI profile check. The system is
> 64 bit (see arch and uname -a). However, when I run the remediation I get
> some 32 bit runs (see /etc/audit/rules.d/audit_time_rules.rules). Can
> anybody explain why this would be? Or is it a bug?
>
>
> COMMAND
> oscap xccdf eval --remediate --tailoring-file tailoring.xml --report
> report.html --profile xccdf_org.ssgproject.content_profile_pci-dss_with_ot
> /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
>
> CONFIRM 64BIT
> [root at test ~]# arch
> x86_64
> [root at test ~]# uname -a
> Linux test.checkoutstagingapp.com 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6
> 11:36:42 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>
> 32 BIT REMEDIATION RULE
> [root at test ~]# cat /etc/audit/rules.d/audit_time_rules.rules
> -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k
> audit_time_rules
> -w /etc/localtime -p wa -k audit_time_rules
> Thanks,
>
>
> Josh Moore
> Chief Architect
> TarokoSoftware
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
--
Martin Preisler
More information about the Open-scap-list
mailing list