<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Courier New \;color\:windowtext";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
address
{mso-style-priority:99;
mso-style-link:"HTML Address Char";
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;
font-style:italic;}
tt
{mso-style-priority:99;
font-family:"Courier New";}
span.HTMLAddressChar
{mso-style-name:"HTML Address Char";
mso-style-priority:99;
mso-style-link:"HTML Address";
font-family:"Calibri",sans-serif;
color:black;
font-style:italic;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks Gary! Got your other note. Will look into your comments there and will pursue going after RedHawk 6.5 (my other task) using RedHat 5.5 OpenScap and DISA
xccdf, oval, etc. for that (as suggested by RedHawk folks), if I get stuck on Ubuntu, to validate the current oscap process and work out any other issues first. Not out of oxygen yet!<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">William B. Boucher, BSEE<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Embedded Systems Software Engineer
<br>
Information Systems Security Manager<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">MZA Associates Corporation<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">4900 Lang Ave. NE, Suite 100<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Albuquerque, NM 87109-9708<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Phone: 505.245.9970 x166<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Fax: 505.245.9971<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Cell: 505.459.7620<o:p></o:p></span></p>
<p class="MsoNormal"><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue"><a href="mailto:william.boucher@mza.com"><span style="color:#0563C1">william.boucher@mza.com</span></a></span></u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Gary Gapinski [mailto:gapinski@nasa.gov]
<br>
<b>Sent:</b> Monday, February 4, 2019 10:26 AM<br>
<b>To:</b> Boucher, William <William.Boucher@mza.com><br>
<b>Cc:</b> open-scap-list@redhat.com<br>
<b>Subject:</b> Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">I can look but if your oxygen will run out before 48 hours you may wish to order out for extra.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">On 2/4/19 11:05 AM, Boucher, William wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Gary,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Is anybody looking at this on the development side (determining why so many rules end up nonapplicable and if the passes and fails are the result of an accurate
evaluation)?</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> --Bill</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">William B. Boucher, BSEE</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Embedded Systems Software Engineer
<br>
Information Systems Security Manager</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">MZA Associates Corporation</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">4900 Lang Ave. NE, Suite 100</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Albuquerque, NM 87109-9708</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Phone: 505.245.9970 x166</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Fax: 505.245.9971</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Cell: 505.459.7620</span><o:p></o:p></p>
<p class="MsoNormal"><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue"><a href="mailto:william.boucher@mza.com"><span style="color:#0563C1">william.boucher@mza.com</span></a></span></u><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
<a href="mailto:open-scap-list-bounces@redhat.com">open-scap-list-bounces@redhat.com</a> [<a href="mailto:open-scap-list-bounces@redhat.com">mailto:open-scap-list-bounces@redhat.com</a>]
<b>On Behalf Of </b>Boucher, William<br>
<b>Sent:</b> Monday, February 4, 2019 9:04 AM<br>
<b>To:</b> Gary Gapinski <a href="mailto:gapinski@nasa.gov"><gapinski@nasa.gov></a><br>
<b>Cc:</b> <a href="mailto:open-scap-list@redhat.com">open-scap-list@redhat.com</a><br>
<b>Subject:</b> Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Gary,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Similar results with Ububtu 16.04. Not all results were notapplicable, score was given as 25%.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">After building openscap and ComplianceAsCode/content I ran:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New ;color:windowtext",serif">sudo oscap xccdf eval –profile standard –results ./xccdf-results.xml –cpe /usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-cpe-dictionary.xml /usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New ;color:windowtext",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New ;color:windowtext",serif">sudo oscap oval eval –results ./oval-results.xml /usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-oval.xml</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New ;color:windowtext",serif"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New ;color:windowtext",serif">sudo oscap xccdf generate report –oval-template ./oval-results.xml ./xccdf-results.xml > ./report-xccdf-oval.html</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">15 rules passed, 6 inconclusive (unknown) and all the rest (24) notapplicable.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Running:</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New ;color:windowtext",serif">sudo oscap xccdf eval –profile standard –results-arf ./results-arf.xml –report ./report-ds.html –results ./results-ds.xml /usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">produced the same numbers in the ds-generated report.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I see the value in using the data stream. But the “notapplicable” items are largely applicable and should be evaluated.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> --Bill</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">William B. Boucher, BSEE</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Embedded Systems Software Engineer
<br>
Information Systems Security Manager</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">MZA Associates Corporation</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">4900 Lang Ave. NE, Suite 100</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Albuquerque, NM 87109-9708</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Phone: 505.245.9970 x166</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Fax: 505.245.9971</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Cell: 505.459.7620</span><o:p></o:p></p>
<p class="MsoNormal"><u><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue"><a href="mailto:william.boucher@mza.com"><span style="color:#0563C1">william.boucher@mza.com</span></a></span></u><o:p></o:p></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Gary Gapinski [<a href="mailto:gapinski@nasa.gov">mailto:gapinski@nasa.gov</a>]
<br>
<b>Sent:</b> Friday, January 25, 2019 9:50 AM<br>
<b>To:</b> Boucher, William <<a href="mailto:William.Boucher@mza.com">William.Boucher@mza.com</a>><br>
<b>Cc:</b> <a href="mailto:open-scap-list@redhat.com">open-scap-list@redhat.com</a><br>
<b>Subject:</b> Re: [Open-scap] Benchmark for Canonical Ubuntu 16.04 LTS</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 1/25/19 10:33 AM, Boucher, William wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thank you, Gary! I will attempt next to duplicate your process with Ubuntu 1604.</span><o:p></o:p></p>
</blockquote>
<p>I may as well but cannot guarantee timeliness.<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">If I am building OpenSCAP over my previous install of the libopenscap8 package, do I need to remove libopenscap8 first or can I just make-install over it?</span><o:p></o:p></p>
</blockquote>
<p>I place the OpenSCAP install in <tt><span style="font-size:10.0pt">/usr/local</span></tt> and ensure it is used separately and preferentially (via
<tt><span style="font-size:10.0pt">$PATH</span></tt>) rather than the one from the distro (or just not install from the distro). I use
<tt><span style="font-size:10.0pt">cmake-gui ../</span></tt> from within the <tt>
<span style="font-size:10.0pt">openscap/build</span></tt> directory and change <tt>
<span style="font-size:10.0pt">CMAKE_INSTALL_PREFIX</span></tt> to <tt><span style="font-size:10.0pt">/usr/local</span></tt> (<tt><span style="font-size:10.0pt">cmake-gui,</span></tt> tweak, configure, generate;
<tt><span style="font-size:10.0pt">make</span></tt>; <tt><span style="font-size:10.0pt">sudo make install</span></tt>). Installing on top of the distro version will likely cause undesirable results.<o:p></o:p></p>
<p>I do not typically install ComplianceAsCode but simply access the content from the cloned (and built) repo, but if you install it I think it best to choose the same installation target (e.g.,
<tt><span style="font-size:10.0pt">/usr/local</span></tt>) as that of OpenSCAP.<o:p></o:p></p>
<p>A functional (and available) install of OpenSCAP is a pre-requisite for building ComplianceAsCode.<o:p></o:p></p>
<p>Regards,<o:p></o:p></p>
<p>Gary<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">-- <o:p></o:p></p>
<address><span style="font-size:10.0pt">Gary Gapinski — DB Consulting Group<br>
NASA Glenn Research Center<br>
℡ <a href="tel:+1%20216%20433%203959"><span style="text-decoration:none">+1 216 433 3959</span></a> — office<br>
℡ <a href="tel:+1%20216%20820%201849"><span style="text-decoration:none">+1 216 820 1849</span></a> — mobile<br>
<a href="mailto:gapinski@nasa.gov"><span style="text-decoration:none">gapinski@nasa.gov</span></a>
</span><o:p></o:p></address>
</div>
</blockquote>
<p><o:p> </o:p></p>
<div>
<p class="MsoNormal">-- <br>
<br>
<o:p></o:p></p>
<address><span style="font-size:10.0pt">Gary Gapinski — DB Consulting Group<br>
NASA Glenn Research Center<br>
℡ <a href="tel:+1%20216%20433%203959"><span style="text-decoration:none">+1 216 433 3959</span></a> — office<br>
℡ <a href="tel:+1%20216%20820%201849"><span style="text-decoration:none">+1 216 820 1849</span></a> — mobile<br>
<a href="mailto:gapinski@nasa.gov"><span style="text-decoration:none">gapinski@nasa.gov</span></a>
<o:p></o:p></span></address>
</div>
</div>
</body>
</html>