[Open-scap] Scan error for 1st scan, which disappears on the subseuent 2nd scan

Luther Goh Lu Feng elfgoh at yahoo.com
Fri Apr 28 07:47:00 UTC 2017 

I confirm that multiple scans doesnt have any errors. Thanks

--Luther


On Thursday, April 27, 2017 8:21 PM, Luther Goh Lu Feng <elfgoh at yahoo.com> wrote:



I will have to retry in 14 hours time ;)

I installed the package by enabling testing in sources.list, and then disabling testing. Jessie was still enabled throughout, though I am unsure if this is an issue.

--Luther


On Thursday, April 27, 2017 8:16 PM, Philippe Thierry <phil at reseau-libre.net> wrote:



Just relaunching the same scan but multiple times, to check if it is an 
erratic behavior :)

You can also test other profiles (see https://wiki.debian.org/UsingSCAP) 
but I don't think this is the source of the bug.

I'm not sure how safe it is to install a stretch package on jessie... 
You pine the package (cleaner) or just update sources.list ?



Le 27/04/2017 à 14:05, Luther Goh Lu Feng a écrit :
> Yes, I enabled Debian testing on Jessie to install
> libopenscap8 release 1.2.9-1.
>
> I have not tried other scans. Which would you recommend? Thanks
>
>
> --Luther
>
> On Thursday, April 27, 2017 6:50 PM, Philippe Thierry <phil at reseau-libre.net> wrote:
>
>
>
> Hi,
>
> I've seen a same type of error with SSG 0.1.32 when using OpenSCAP
> release 1.0.9 (Debian Jessie release). That's why by now the ssg package
> for Debian is still using 0.1.31 - same message but whithout the
> SIGSEGV). I've never seen this bug with 1.2.x version of OpenSCAP.
>
> What is strange is the fact that the second scan just works fine. The
> two executions are normally independantly executed, without any
> interactions.
>
> You precised that the target uses libopenscap8 release 1.2.9-1, which
> means that you backported the Stretch release on Jessie ?
>
> Have you tried other scans to check if there is no more bug or if it
> happends heratically ?
>
>
>
> Le 27/04/2017 à 12:23, Luther Goh Lu Feng a écrit :
>> Running a from a debian scanner, to scan a debian target using openscap-ssh, first time scan results in the error below.
>>
>> Command is:
>> ssh -t debian at 192.168.0.1 "~/oscap-ssh/oscap-ssh root at 192.168.0.2 22  xccdf eval --fetch-remote-resources --results ~/scan/debian-xccdf-results.xml --report ~/scan/debian-xccdf-results.html --profile xccdf_org.ssgproject.content_profile_common /usr/share/ssg/ssg-debian8-ds.xml";
>>
>> Scanner libaries:
>> libopenscap8                         1.2.9-1+b2
>> ssg-debian                           0.1.31-3
>>
>>
>> Target libraries:
>> libopenscap8                         1.2.9-1+b2
>>
>> Second scan results in no error. Is this a known bug or is there a misconfiguration somewhere?
>>
>>
>> ===============
>> OpenSCAP Error: Probe with PID=6497 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_rsyslog_installed:obj:1' from test 'oval:ssg-test_package_rsyslog_installed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6509 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_telnetd_removed:obj:1' from test 'oval:ssg-test_package_telnetd_removed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6515 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_inetutils-telnetd_removed:obj:1' from test 'oval:ssg-test_package_inetutils-telnetd_removed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6523 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_telnetd-ssl_removed:obj:1' from test 'oval:ssg-test_package_telnetd-ssl_removed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6529 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_nis_removed:obj:1' from test 'oval:ssg-test_package_nis_removed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6535 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_ntpdate_removed:obj:1' from test 'oval:ssg-test_package_ntpdate_removed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6541 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_auditd_installed:obj:1' from test 'oval:ssg-test_package_auditd_installed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6547 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_cron_installed:obj:1' from test 'oval:ssg-test_package_cron_installed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6553 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_ntp_installed:obj:1' from test 'oval:ssg-test_package_ntp_installed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Probe with PID=6559 has been killed with signal 11 [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173]
>> Item corresponding to object 'oval:ssg-obj_package_openssh-server_removed:obj:1' from test 'oval:ssg-test_package_openssh-server_removed:tst:1' has an unknown flag. This may indicate a bug in OpenSCAP. [../../../../src/OVAL/results/oval_resultTest.c:908]
>> Result  pass
>>
>> oscap exit code: 2
>>
>> _______________________________________________
>> Open-scap-list mailing list
>> Open-scap-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/open-scap-list
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list

More information about the Open-scap-list mailing list