[Open-scap] OpenSCAP Work bench on Windows

Martin Preisler mpreisle at redhat.com
Fri May 25 18:46:52 UTC 2018 

Hi Joseph,
the Windows version of SCAP Workbench is meant to scan remote Linux
systems. It uses OpenSCAP and OpenSCAP currently doesn't support
Windows, Windows support is in the works, the git master branch of
OpenSCAP can already scan Windows. Stay tuned for an official release.
See https://twitter.com/OpenSCAP/status/989107760464834560 for a
teaser. Any help in this area is welcome, we need to start a Windows
OpenSCAP community.

On Tue, May 22, 2018 at 9:44 AM, Joseph Roscioli <roscioli812 at gmail.com> wrote:
> Hello,
>
> My company provides Distributed Control Systems. The User interface is
> Windows. We harden the machines per DoD STIGS via GPOs. We would like to use
> the OpenSCAP to audit the systems before and after the GPOs are applied.
>
> I downloaded the Workbench to do a trial run. I installed the Windows
> version of the SCAP Workbench 1.1.5 on a Windows 7 machine. Ultimately I
> would like to scan Windows 7 and Windows 10 machines.
> Is the Workbench suitable for use on these platforms?
>
> Any particular reason why the "Local Machine" radio button disabled?
>
> Next:
> I tried to do a scan of another Windows 7 machine using the
> U_Windows_7_V1R36_STIG_SCAP_1-2_Benchmark.xml.
> On the target machine I installed the latest OpenSSH from the WinSCP site
> OpenSSH-Win64. The sshd and ssh-agent start automatically.
> The manual states that the target should also have oscap >= 0.8.0 installed,
> however I could not find a binary for it. Is this missing piece the issue?
> I have to build this myself.
>
> The scan always fails. I constantly get the following error below.
> I'm new to SSH and I'm not sure if there is more configuration I have to do,
> such as generating keys on the target and installing them on the machine
> where the Workbench is running.
>
> Also, an Etherreal capture doesn't show any ssh protocol traffic.
>
> Any help would be appreciated.
>
> Thank you in advance,
> Joe
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list



-- 
Martin Preisler

More information about the Open-scap-list mailing list