[Open-scap] Different results between oval and xccdf evaluation

Raymond Mercier raymond.rm.mercier at gmail.com
Tue May 29 08:21:38 UTC 2018 

Hi Simon

Thank you for your message, you are totally right and I understood the
problem (and fixed it)

You are a trooper, thank you !!
Raymond

2018-05-29 10:07 GMT+02:00 Šimon Lukašík <slukasik at redhat.com>:

> I really only quickly skimmed through, but this is what might be wrong.
>
> In you DS file you have the following line
>
>                                 <definition id="oval:rabbit:def:13"
> version="1" class="vulnerability">
>
> Looking at the Table 21 in Section 4 of NIST SP 800-126 Revision 2 ...
> this might be source of you problem.
>
> If you cannot be bothered looking into Table 21 in Section 4 of NIST SP
> 800-126 Revision 2 you can just replace
>
>                                 <definition id="oval:rabbit:def:13"
> version="1" class="vulnerability">
>
> with
>
>                                 <definition id="oval:rabbit:def:13"
> version="1" class="compliance">
>
> Good luck and remember that life would be too easy without these
> specification quirks.
>
> Best,
> ~š.
>
> On 05/28/2018 02:53 PM, Raymond Mercier wrote:
>
>> Hi all,
>>
>> I have an xccdf file (I tried to simplify it to its maximum). See
>> attached file rm.xml.
>>
>> When I execute the command "oscap xccdf eval --profile
>> xccdf_rabbitmq_profile_standard  rm.xml", I get a failed result.
>> [root]# oscap xccdf eval  --profile xccdf_rabbitmq_profile_standard
>> rm.xml
>> Title   1.3-s: TLS secure communication configuration
>> Rule    xccdf_rabbitmq_rule_13
>> Result  fail
>>
>> When I execute the command " oscap oval eval   rm.xml", I get a success
>> result.
>> [root]# oscap oval eval   rm.xml
>> Definition oval:rabbit:def:13: true
>> Evaluation done.
>>
>> The file "/etc/rabbitmq/rabbitmq.conf" used by the test contains 3 lines :
>> toto
>> tutu
>> tata
>>
>> So, result should be "success". It seems result returned by oval is
>> correct but result returned by xccdf is wrong.
>>
>> What is wrong ?
>>
>> Thanks a lot for any help
>>
>> Raymond Mercier
>>
>>
>> _______________________________________________
>> Open-scap-list mailing list
>> Open-scap-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/open-scap-list
>>
>>
>
> ~š.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20180529/401898b9/attachment.htm>

More information about the Open-scap-list mailing list