[Spacewalk-list] Issues with oscap + SW v1.8

Tue Dec 11 13:52:15 UTC 2012

On 11/26/2012 06:42 PM, Snyder, Chris wrote:
> I’m having issues trying to audit my hosts with openscap and spacewalk
> v1.8 with the latest DISA STIGS for RHEL5. No matter what I try to do,
> the results of the audit commands I schedule via Spacewalk all return
> the tests as ‘notapplicable’.
> 

Hello Chris,

> (I tried to use openscap v0.9.2, but it seems that it has issues with
> the STIG V1R1 XML code, whereas 0.9.1 runs without error, but I’m
> willing to try 0.9.2 again.)
> 

If there are any errors in 0.9.2 as opposed to 0.9.1, OpenSCAP mailing
list is the right place to describe it.

> Am I using openscap incorrectly here, or should the ‘—cpe’ arugement be
> allowed/required via the webGUI?
> 

Your problem description is very accurate and You are right --cpe should
be allowed via WebUI. It's been fixed in

    1a3f72077e3ec5bbaa786a4b9755e8f1be53357c [1]

Here are the options you have:

 (A) Wait for OpenSCAP 0.9.3. Which has incorporated a default CPE
dictionary. Then there are no other option are needed for the scan.

 (B) Pick the fixed spacewalk-oscap package from nightly repository [1].
Which allows --cpe argument. Then for scan you need to specify arguments
on the WebUI like: --profile MAC-1_Public --cpe
/root/U_RedHat_5-V1R1_STIG_Benchmark-cpe-dictionary.xml

 (C) Remove the <xccdf:platform> element from the xccdf.

 (D) Alternatively, you can use the openscap package from RHN which does
not suffer these symptoms.

Best regards,

-- 
Simon Lukasik
Security Technologies

[1] It's been just built as
http://koji.spacewalkproject.org/koji/getfile?taskID=117601&name=spacewalk-oscap-0.0.12-1.el5.noarch.rpm
It will appear in nightly repository in a few hours.