[Open-scap] Ensure that official distribution repositories are used check failed in Debian 8
Marek Haicman
mhaicman at redhat.com
Fri Sep 7 09:25:38 UTC 2018
Hello Dhanushka,
first of, I added scap-security-guide list, as that will make more sense
for this kind of questions. open-scap-list is mostly about scanner
issues (and in 99% cases, problem is in content, not in the scanner).
Regarding the problem itself, it would be great if you took a look at
the sources for the oval, maybe you'll be able to find the issue
yourself. As you are on the platform.
To find the source for the issue, I have checked the ID of the rule is
rule_apt_sources_official. So calling this in cloned git repo:
`find . | grep apt_sources_list`
will tell you where are the sources:
./linux_os/guide/services/apt/apt_sources_list_official/oval/shared.xml
is the source for check.
There is no complexity, there just regexes, so if you find an issue,
pull request with the fix would be awesome, but explanation what is the
bug will also do.
Thanks!
Marek
On 09/07/2018 07:38 AM, Dhanushka Parakrama wrote:
> Hi Team
>
> In Debian 8 */etc/apt/sources.list *file include below repositories
>
> deb http://ftp.us.debian.org/debian/ jessie main
> deb-src http://ftp.us.debian.org/debian/ jessie main
>
> deb http://security.debian.org/ jessie/updates main
> deb-src http://security.debian.org/ jessie/updates main
>
> but still *oscap xccdf eval --profile
> xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report
> report.html ssg-debian8-ds.xml * Scan says
>
> image.png
>
> *Ensure that official distribution repositories are used * -> *FAIL*
> Is there any reason for that ?
>
> Thank You
> Dhanushka
>
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
>
More information about the Open-scap-list
mailing list