<div dir="ltr"><div dir="ltr">Thanks Shawn, I have used NIST content validation and realized the test passed for ssg-rhel6-ds.xml (downloaded from <a href="https://github.com/ComplianceAsCode/content/releases/download/v0.1.43/scap-security-guide-0.1.43-oval-510.zip" target="_blank">https://github.com/ComplianceAsCode/content/releases/download/v0.1.43/scap-security-guide-0.1.43-oval-510.zip</a>) However Nessus SCAP scanning gives error as "Default namespace not found in OVAL" I am checking with Nessus tech support team</div><div dir="ltr"> </div><div>Thanks,</div><div>Riaz </div></div> <div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 30, 2019 at 12:16 AM Shawn Wells <<a href="mailto:shawn@redhat.com">shawn@redhat.com</a>> wrote: </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div dir="ltr"></div><div dir="ltr">Would need to understand where the content is coming from. Perhaps scap-security-guide in RHEL, and if so, what RHEL and SSG version?</div><div dir="ltr"> </div><div dir="ltr">Note red hat doesn’t publish rhel6 content in the National Checklist Program since rhel6 is out of active maintenance:</div><div dir="ltr"> </div><div dir="ltr"><a href="https://nvd.nist.gov/ncp/repository?authority=Red+Hat&startIndex=0" target="_blank">https://nvd.nist.gov/ncp/repository?authority=Red+Hat&startIndex=0</a></div><div dir="ltr"> </div><div dir="ltr">Once the content source/version version is identified , the content can be ran through the NIST content validator tooling to see if there are problems with the content itself.</div><div dir="ltr"> </div><div dir="ltr"> </div><div dir="ltr"> On Apr 29, 2019, at 11:19 AM, Jan Cerny <<a href="mailto:jcerny@redhat.com" target="_blank">jcerny@redhat.com</a>> wrote: </div><blockquote type="cite"><div dir="ltr">Hi, I have no idea. Does Nessus have any "verbose" mode to get more helpful error message? Including scap-security-guide list in this conversation because there might be people familiar with using SSG with Nessus. Regards On Mon, Apr 29, 2019 at 4:54 PM Riaz Ebrahim <<a href="mailto:mriazebrahim1@gmail.com" target="_blank">mriazebrahim1@gmail.com</a>> wrote: <blockquote type="cite"> </blockquote><blockquote type="cite">Hi Jan Cerny, </blockquote><blockquote type="cite"> </blockquote><blockquote type="cite">Thanks a lot for your response, Your answer was very useful to understand about SSG files. As per your advice i tried with scap-security-guide-0.1.43-oval-510.zip and XML validation error was gone, but encountering new error as below from nessus </blockquote><blockquote type="cite"> </blockquote><blockquote type="cite">"ssg-rhel6-ds-1.zip : Default namespace not found in OVAL" </blockquote><blockquote type="cite"> </blockquote><blockquote type="cite">Do you get any clue by seeing this error?. Thanks in advance :) </blockquote><blockquote type="cite"> </blockquote><blockquote type="cite">Thanks, </blockquote><blockquote type="cite">Riaz </blockquote><blockquote type="cite"> </blockquote><blockquote type="cite">On Mon, Apr 29, 2019 at 2:44 PM Jan Cerny <<a href="mailto:jcerny@redhat.com" target="_blank">jcerny@redhat.com</a>> wrote: </blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Hi, </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">I will try to answer, but I don't use Nessus, so I'm not sure what is </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">the exact reason of this fail. </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">In general, the SSG files are validated against SCAP XML schemas, so </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">they are valid SCAP content. </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">However, SCAP standard consist of multiple separate specifications. </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Strictly speaking, the SSG datastream </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">doesn't conform to SCAP 1.2 specification, because the datastream </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">contains OVAL checks conforming to OVAL </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">version 5.11 which is a part of SCAP 1.3. For SCAP 1.2 conformance it </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">would need to use OVAL checks </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">in version 5.10 or older. </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">According to this forum thread, it seems that Nessus doesn't support </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">OVAL 5.11 it yet, but they say it's planned to be updated </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="https://community.tenable.com/s/question/0D5f200005hKRwqCAG/nessus-pro-7-trouble-getting-oval-scans-to-work" target="_blank">https://community.tenable.com/s/question/0D5f200005hKRwqCAG/nessus-pro-7-trouble-getting-oval-scans-to-work</a> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">It could be a problem that Nessus expects datastreams that contain </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">OVAL 5.10 only. </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Try using the SSG datastreams that contain OVAL 5.10 only. They can be </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">downloaded from </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><a href="https://github.com/ComplianceAsCode/content/releases/download/v0.1.43/scap-security-guide-0.1.43-oval-510.zip" target="_blank">https://github.com/ComplianceAsCode/content/releases/download/v0.1.43/scap-security-guide-0.1.43-oval-510.zip</a> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">I hope Nessus should be able to consume these files. </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">The reason why we use 5.11 is that it contains new checks that allows </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">us to check easily system services using systemd </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">and other new things introduced in RHEL 7. The aforementioned </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">datastreams that contain OVAL 5.10 only </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">have limited abilities in comparison with those containing OVAL 5.11. </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Best Regards </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Jan Černý </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">Security Technologies | Red Hat, Inc. </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote><blockquote type="cite"><blockquote type="cite">On Sat, Apr 27, 2019 at 6:34 AM Riaz Ebrahim <<a href="mailto:mriazebrahim1@gmail.com" target="_blank">mriazebrahim1@gmail.com</a>> wrote: </blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">I need help on openscap SSG project. </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">I am currently exploring SCAP Auditing feature from Nessus console. I understood that Nessus supports SCAP Content (1.0 or 1.1 or 1.2) which can be downloaded from NIST repository (<a href="https://nvd.nist.gov/ncp/repository" target="_blank">https://nvd.nist.gov/ncp/repository</a>) based on the target host version. This works great, However when i use SCAP from OpenSCAP SSG (example "ssg-rhel6-ds.xml”), i am getting error as “sg-rhel6-ds. .zip : sg-rhel6-ds.xml failed XML Schema validation” . </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">I would like to what is the difference between openSSG scap data stream & scap1.2 content downloaded from NIST repository. How i can convert openssg data stream (Example - ssg-rhel6-ds.xml) to NIST scap 1.2 format. </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">My objective - To use openscap SSG from Nessus. Nessus scap scanning expects SCAP 1.0, 1.1 or 1.2 content(in zip format). </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Thanks in advance! </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">_______________________________________________ </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Open-scap-list mailing list </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><a href="mailto:Open-scap-list@redhat.com" target="_blank">Open-scap-list@redhat.com</a> </blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><a href="https://www.redhat.com/mailman/listinfo/open-scap-list" target="_blank">https://www.redhat.com/mailman/listinfo/open-scap-list</a> </blockquote></blockquote></blockquote> -- Jan Černý Security Technologies | Red Hat, Inc. _______________________________________________ scap-security-guide mailing list -- <a href="mailto:scap-security-guide@lists.fedorahosted.org" target="_blank">scap-security-guide@lists.fedorahosted.org</a> To unsubscribe send an email to <a href="mailto:scap-security-guide-leave@lists.fedorahosted.org" target="_blank">scap-security-guide-leave@lists.fedorahosted.org</a> Fedora Code of Conduct: <a href="https://getfedora.org/code-of-conduct.html" target="_blank">https://getfedora.org/code-of-conduct.html</a> List Guidelines: <a href="https://fedoraproject.org/wiki/Mailing_list_guidelines" target="_blank">https://fedoraproject.org/wiki/Mailing_list_guidelines</a> List Archives: <a href="https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org" target="_blank">https://lists.fedorahosted.org/archives/list/scap-security-guide@lists.fedorahosted.org</a> </div></blockquote></div></blockquote></div>