[Open-scap] scap-workbench remote scan doesnt work

DD Donny Lie deodion at gmail.com
Fri Sep 22 09:48:09 UTC 2017 

sorry, I mean, although i change SSH port to something else like *60215*,
the dry run command will result:

*oscap-ssh r <root at 36.88.58.11>oot at target-ip 22 xccdf eval \*
*--fetch-remote-resources \*
*--datastream-id
scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \*
*--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
*--profile xccdf_org.ssgproject.content_profile_standard \*
*--oval-results --results /tmp/xccdf-results.xml \*
*--results-arf /tmp/arf.xml \*
*--report /tmp/report.html \*
*/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*


But I notice if I use port like 111 or 8000, it will correctly displayed,
changing port to 50000 or 60000 will result above (port 22)



On Fri, Sep 22, 2017 at 4:35 PM, DD Donny Lie <deodion at gmail.com> wrote:

> If I use this in CentOS 7 terminal (removed --oval-results, --results-arf)
> :
> *oscap-ssh root at ip-address 60215 xccdf eval \*
> *--fetch-remote-resources \*
> *--datastream-id
> scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \*
> *--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
> *--profile xccdf_org.ssgproject.content_profile_standard \*
> *--report /root/report-standard-via-clie.html \*
> */usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*
>
> *it is working,*
>
>
> but same 'dry run' command above *USING* workbench will result:
> *error*
> *Failed to locate oscap on remote machine. Please, check that
> openscap-scanner is installed on the remote machine.*
>
> and the workbench is loading very long while I click scan,
>
>
>
> and 'dry run' will result in clipboard below (which maybe you guys should
> fix it):
> *oscap-ssh root at 36.88.58.11 <root at 36.88.58.11> 22 xccdf eval \*
> *--fetch-remote-resources \*
> *--datastream-id
> scap_org.open-scap_datastream_from_xccdf_ssg-rhel7-xccdf-1.2.xml \*
> *--xccdf-id scap_org.open-scap_cref_ssg-rhel7-xccdf-1.2.xml \*
> *--profile xccdf_org.ssgproject.content_profile_standard \*
> *--oval-results --results /tmp/xccdf-results.xml \*
> *--results-arf /tmp/arf.xml \*
> *--report /tmp/report.html \*
> */usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml*
>
>
> On Fri, Sep 22, 2017 at 3:21 PM, DD Donny Lie <deodion at gmail.com> wrote:
>
>> *From CentOS 7 (scap workbench) *
>> *to target (CentOS 7) installed latest openscap-scanner*
>> *the target is VM guest under ESXi 5.5,*
>>
>>
>> 15:02:25
>> info
>> SCAP Workbench 1.1.4, compiled with Qt 4.8.5, using OpenSCAP 1.2.14
>>
>> 15:02:54
>> info
>> Opened file '/usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml'.
>>
>> 15:04:08
>> info
>> Establishing connecting to remote target...
>>
>> 15:04:18
>> info
>> Connection established.
>>
>> 15:04:18
>> info
>> Checking if oscap is available on remote machine...
>>
>> 15:08:19
>> error
>> Failed to locate oscap on remote machine. Please, check that
>> openscap-scanner is installed on the remote machine.
>>
>>
>> *Am I missing something? this should be pretty basic right, but its not
>> working?*
>>
>>
>> On Fri, Sep 22, 2017 at 2:49 PM, DD Donny Lie <deodion at gmail.com> wrote:
>>
>>> *Target Machine:*
>>>
>>> oscap -V
>>> OpenSCAP command line tool (oscap) 1.2.14
>>> Copyright 2009--2017 Red Hat Inc., Durham, North Carolina.
>>>
>>> ==== Supported specifications ====
>>> XCCDF Version: 1.2
>>> OVAL Version: 5.11.1
>>> CPE Version: 2.3
>>> CVSS Version: 2.0
>>> CVE Version: 2.0
>>> Asset Identification Version: 1.1
>>> Asset Reporting Format Version: 1.1
>>>
>>> ==== Capabilities added by auto-loaded plugins ====
>>> No plugins have been auto-loaded...
>>>
>>> ==== Paths ====
>>> Schema files: /usr/share/openscap/schemas
>>> Default CPE files: /usr/share/openscap/cpe
>>> Probes: /usr/libexec/openscap
>>>
>>>
>>> On Thu, Sep 21, 2017 at 8:29 PM, DD Donny Lie <deodion at gmail.com> wrote:
>>>
>>>> *Here you go my detail:*
>>>> Target machine: CentOS 7 (installed openscap-scanner)
>>>> scap-workbench: RHEL 7
>>>> connect via internet
>>>>
>>>> root at target-ip at port 60215
>>>> port forwarding to 22
>>>>
>>>> *Diganostics says:*
>>>>
>>>> 19:47:55
>>>> info
>>>> SCAP Workbench 1.1.4, compiled with Qt 4.8.5, using OpenSCAP 1.2.14
>>>>
>>>> 19:48:00
>>>> info
>>>> Opened file '/usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml'.
>>>>
>>>> 19:48:37
>>>> info
>>>> Establishing connecting to remote target...
>>>>
>>>> 19:48:46
>>>> info
>>>> Connection established.
>>>>
>>>> 19:48:46
>>>> info
>>>> Checking if oscap is available on remote machine...
>>>>
>>>> 19:48:47
>>>> error
>>>> *Failed to locate oscap on remote machine. Please, check that
>>>> openscap-scanner is installed on the remote machine.*
>>>>
>>>> *Thanks,*
>>>> *Donny Lie*
>>>>
>>>>
>>>> On Thu, Sep 21, 2017 at 7:44 PM, DD Donny Lie <deodion at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>> I have a CentOS 7 with installed openscap-scanner
>>>>> and I use scap-workbench from my laptop with VM RHEL 7, trying to
>>>>> remote scan the CentOS 7,
>>>>>
>>>>> It succeed login via SSH but Diagnostics says:
>>>>>
>>>>> *error    *
>>>>> *Failed to locate oscap on remote machine. Please, check that
>>>>> openscap-scanner is installed on the remote machine.*
>>>>>
>>>>> Am I missing something?
>>>>>
>>>>> --
>>>>>
>>>>> *Donny Lie*
>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20170922/6473d9e5/attachment.htm>

More information about the Open-scap-list mailing list