[Spacewalk-list] OpenSCAP WEB UI Spacewalk problem
Paul Jones
paul.jones at atass-sports.co.uk
Mon Oct 5 08:05:09 UTC 2015
On 02/10/15 19:30, Rose Dowson wrote:
Hi,
I'm new to spacewalk that's why I didn't know how to configure scap into my spacewalk systems centos 6. I did these steps : https://www.redhat.com/archives/spacewalk-list/2015-January/msg00165.html
You can chack what does it mean in this screenshot.
Thank you for the help.
Regards,
2015-10-02 12:12 GMT+01:00 Jan Dobes <jdobes at redhat.com<mailto:jdobes at redhat.com>>:
----- Original Message -----
> From: "Rose Dowson" <rose20.dowson at gmail.com<mailto:rose20.dowson at gmail.com>>
> To: spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>
> Sent: Thursday, October 1, 2015 3:39:32 PM
> Subject: [Spacewalk-list] OpenSCAP WEB UI Spacewalk problem
>
> Hi,
>
> I tried to scan my spacewalk client centos 6 with the web interface of my
> spacewalk server but the scan fail every time . I didn't khnow what is the
> problem.
>
>
> Please help me .
>
>
>
>
> _______________________________________________
> Spacewalk-list mailing list
> Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
> https://www.redhat.com/mailman/listinfo/spacewalk-list
Hi,
what does mean fail? In the web interface you only schedule scap action which has then to be picked up on client with rhn_check/osad.
Also check
https://fedorahosted.org/spacewalk/wiki/Scap
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html/User_Guide/chap-Maintaining_System_Security_Using_OpenSCAP.html
Regards,
--
Jan Dobes
Satellite Engineering, Red Hat
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list
Hi,
Chances are if the scan is immediately failing that it's not picking up the config files correctly or something in them is incorrect. You may get more info from the usual /var/log/messages on the target machine.
I have found that the following works for me running CentOS 6:
* Editing ssg-rhel6-xccdf.xml and ssg-rhel6-cpe-dictionary.xml to replace RedHat with CentOS as per your link.
* Scheduling a new XCCDF Scan in the Spacewalk GUI with the following:
Command: /usr/bin/oscap xccdf eval
Arguments: --profile stig-rhel6-server-upstream --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml
Path: /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
This 'works', although you then may want to toggle things on/off in the ssg-rhel6-xccdf.xml file depending on what you're happy allowing as a potential risk.
Hope that helps!
Paul
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20151005/9050ff82/attachment.htm>
More information about the Spacewalk-list
mailing list