<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">I can look but if your oxygen will run
out before 48 hours you may wish to order out for extra.<br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 2/4/19 11:05 AM, Boucher, William
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:4634fbf2a19346ee8bed6e2fbededf47@ABQ-Ex01.mza.lan">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
address
{mso-style-priority:99;
mso-style-link:"HTML Address Char";
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;
font-style:italic;}
tt
{mso-style-priority:99;
font-family:"Courier New";}
span.HTMLAddressChar
{mso-style-name:"HTML Address Char";
mso-style-priority:99;
mso-style-link:"HTML Address";
font-family:"Calibri",sans-serif;
color:black;
font-style:italic;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Gary,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Is
anybody looking at this on the development side (determining
why so many rules end up nonapplicable and if the passes and
fails are the result of an accurate evaluation)?<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
--Bill<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">William
B. Boucher, BSEE<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Embedded
Systems Software Engineer
<br>
Information Systems Security Manager<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">MZA
Associates Corporation<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">4900
Lang Ave. NE, Suite 100<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Albuquerque,
NM 87109-9708<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Phone:
505.245.9970 x166<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Fax:
505.245.9971<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Cell:
505.459.7620<o:p></o:p></span></p>
<p class="MsoNormal"><u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue"><a
href="mailto:william.boucher@mza.com"
moz-do-not-send="true"><span style="color:#0563C1">william.boucher@mza.com</span></a></span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
<a class="moz-txt-link-abbreviated" href="mailto:open-scap-list-bounces@redhat.com">open-scap-list-bounces@redhat.com</a>
[<a class="moz-txt-link-freetext" href="mailto:open-scap-list-bounces@redhat.com">mailto:open-scap-list-bounces@redhat.com</a>]
<b>On Behalf Of </b>Boucher, William<br>
<b>Sent:</b> Monday, February 4, 2019 9:04 AM<br>
<b>To:</b> Gary Gapinski <a class="moz-txt-link-rfc2396E" href="mailto:gapinski@nasa.gov"><gapinski@nasa.gov></a><br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:open-scap-list@redhat.com">open-scap-list@redhat.com</a><br>
<b>Subject:</b> Re: [Open-scap] Benchmark for Canonical
Ubuntu 16.04 LTS<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Gary,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Similar
results with Ububtu 16.04. Not all results were
notapplicable, score was given as 25%.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">After
building openscap and ComplianceAsCode/content I ran:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier
New";color:windowtext">sudo oscap xccdf eval –profile
standard –results ./xccdf-results.xml –cpe
/usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-cpe-dictionary.xml
/usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier
New";color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier
New";color:windowtext">sudo oscap oval eval –results
./oval-results.xml
/usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-oval.xml<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier
New";color:windowtext"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier
New";color:windowtext">sudo oscap xccdf generate report
–oval-template ./oval-results.xml ./xccdf-results.xml >
./report-xccdf-oval.html<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">15
rules passed, 6 inconclusive (unknown) and all the rest (24)
notapplicable.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Running:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Courier
New";color:windowtext">sudo oscap xccdf eval –profile
standard –results-arf ./results-arf.xml –report
./report-ds.html –results ./results-ds.xml
/usr/local/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">produced
the same numbers in the ds-generated report.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">I
see the value in using the data stream. But the
“notapplicable” items are largely applicable and should be
evaluated.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">
--Bill<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">William
B. Boucher, BSEE<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Embedded
Systems Software Engineer
<br>
Information Systems Security Manager<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">MZA
Associates Corporation<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">4900
Lang Ave. NE, Suite 100<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Albuquerque,
NM 87109-9708<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Phone:
505.245.9970 x166<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Fax:
505.245.9971<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif">Cell:
505.459.7620<o:p></o:p></span></p>
<p class="MsoNormal"><u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:blue"><a
href="mailto:william.boucher@mza.com"
moz-do-not-send="true"><span style="color:#0563C1">william.boucher@mza.com</span></a></span></u><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">
Gary Gapinski [<a href="mailto:gapinski@nasa.gov"
moz-do-not-send="true">mailto:gapinski@nasa.gov</a>]
<br>
<b>Sent:</b> Friday, January 25, 2019 9:50 AM<br>
<b>To:</b> Boucher, William <<a
href="mailto:William.Boucher@mza.com"
moz-do-not-send="true">William.Boucher@mza.com</a>><br>
<b>Cc:</b> <a href="mailto:open-scap-list@redhat.com"
moz-do-not-send="true">open-scap-list@redhat.com</a><br>
<b>Subject:</b> Re: [Open-scap] Benchmark for Canonical
Ubuntu 16.04 LTS<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 1/25/19 10:33 AM, Boucher, William
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"
style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Thank
you, Gary! I will attempt next to duplicate your process
with Ubuntu 1604.</span><o:p></o:p></p>
</blockquote>
<p>I may as well but cannot guarantee timeliness.<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">If
I am building OpenSCAP over my previous install of the
libopenscap8 package, do I need to remove libopenscap8
first or can I just make-install over it?</span><o:p></o:p></p>
</blockquote>
<p>I place the OpenSCAP install in <tt><span
style="font-size:10.0pt">/usr/local</span></tt> and ensure
it is used separately and preferentially (via
<tt><span style="font-size:10.0pt">$PATH</span></tt>) rather
than the one from the distro (or just not install from the
distro). I use
<tt><span style="font-size:10.0pt">cmake-gui ../</span></tt>
from within the <tt>
<span style="font-size:10.0pt">openscap/build</span></tt>
directory and change <tt>
<span style="font-size:10.0pt">CMAKE_INSTALL_PREFIX</span></tt>
to <tt><span style="font-size:10.0pt">/usr/local</span></tt>
(<tt><span style="font-size:10.0pt">cmake-gui,</span></tt>
tweak, configure, generate;
<tt><span style="font-size:10.0pt">make</span></tt>; <tt><span
style="font-size:10.0pt">sudo make install</span></tt>).
Installing on top of the distro version will likely cause
undesirable results.<o:p></o:p></p>
<p>I do not typically install ComplianceAsCode but simply access
the content from the cloned (and built) repo, but if you
install it I think it best to choose the same installation
target (e.g.,
<tt><span style="font-size:10.0pt">/usr/local</span></tt>) as
that of OpenSCAP.<o:p></o:p></p>
<p>A functional (and available) install of OpenSCAP is a
pre-requisite for building ComplianceAsCode.<o:p></o:p></p>
<p>Regards,<o:p></o:p></p>
<p>Gary<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">-- <o:p></o:p></p>
<address><span style="font-size:10.0pt">Gary Gapinski — DB
Consulting Group<br>
NASA Glenn Research Center<br>
℡ <a href="tel:+1%20216%20433%203959"
moz-do-not-send="true"><span
style="text-decoration:none">+1 216 433 3959</span></a>
— office<br>
℡ <a href="tel:+1%20216%20820%201849"
moz-do-not-send="true"><span
style="text-decoration:none">+1 216 820 1849</span></a>
— mobile<br>
<a href="mailto:gapinski@nasa.gov" moz-do-not-send="true"><span
style="text-decoration:none">gapinski@nasa.gov</span></a>
<o:p></o:p></span></address>
</div>
</div>
</blockquote>
<p><br>
</p>
<div class="moz-signature">-- <br>
<title></title>
<address style="font-size: smaller; text-decoration:none;"
xml:lang="en">Gary Gapinski — DB Consulting Group<br>
NASA Glenn Research Center<br>
℡ <a href="tel:+1 216 433 3959" style="text-decoration:none;">+1 216 433 3959</a>
— office<br>
℡ <a href="tel:+1 216 820 1849" style="text-decoration:none;">+1 216 820 1849</a>
— mobile<br>
<a href="mailto:gapinski@nasa.gov" style="text-decoration:none;">gapinski@nasa.gov</a>
</address>
</div>
</body>
</html>