[Open-scap] Different results between oval and xccdf evaluation
Šimon Lukašík
slukasik at redhat.com
Tue May 29 08:07:28 UTC 2018
I really only quickly skimmed through, but this is what might be wrong.
In you DS file you have the following line
<definition id="oval:rabbit:def:13"
version="1" class="vulnerability">
Looking at the Table 21 in Section 4 of NIST SP 800-126 Revision 2 ...
this might be source of you problem.
If you cannot be bothered looking into Table 21 in Section 4 of NIST SP
800-126 Revision 2 you can just replace
<definition id="oval:rabbit:def:13"
version="1" class="vulnerability">
with
<definition id="oval:rabbit:def:13"
version="1" class="compliance">
Good luck and remember that life would be too easy without these
specification quirks.
Best,
~š.
On 05/28/2018 02:53 PM, Raymond Mercier wrote:
> Hi all,
>
> I have an xccdf file (I tried to simplify it to its maximum). See
> attached file rm.xml.
>
> When I execute the command "oscap xccdf eval --profile
> xccdf_rabbitmq_profile_standard rm.xml", I get a failed result.
> [root]# oscap xccdf eval --profile xccdf_rabbitmq_profile_standard rm.xml
> Title 1.3-s: TLS secure communication configuration
> Rule xccdf_rabbitmq_rule_13
> Result fail
>
> When I execute the command " oscap oval eval rm.xml", I get a success
> result.
> [root]# oscap oval eval rm.xml
> Definition oval:rabbit:def:13: true
> Evaluation done.
>
> The file "/etc/rabbitmq/rabbitmq.conf" used by the test contains 3 lines :
> toto
> tutu
> tata
>
> So, result should be "success". It seems result returned by oval is
> correct but result returned by xccdf is wrong.
>
> What is wrong ?
>
> Thanks a lot for any help
>
> Raymond Mercier
>
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
>
~š.
More information about the Open-scap-list
mailing list