----- Original Message ----- > From: "Rocio Romero" <ro...@wazuh.com> > To: open-scap-list@redhat.com > Sent: Tuesday, June 21, 2016 7:12:32 PM > Subject: [Open-scap] Create Datastream from xml with SCE > > Hi everyone!
Hi Rocio! > I’m creating some checks for iptables. For a few of them, I’m using SCE with > OSCAP. > > If I execute the oscap command with separated files (xccdf, oval, scripts…) > everything works as expected. > > Now I’m trying to get one data stream file with everything inside. > > I followed this tutorial http://isimluk.livejournal.com/3660.html > <http://isimluk.livejournal.com/3660.html> in order to get the ds file. But > I’m getting this errors: > > [root@localhost SCETest]# /usr/local/bin/oscap ds sds-compose > iptables-xccdf.xml iptables-datastream.xml > File '/home/leia/SCETest/iptables-datastream.xml' line 2: Element > '{http://scap.nist.gov/schema/scap/source/1.2}extended-components': This > element is not expected. Expected is ( > {http://scap.nist.gov/schema/scap/source/1.2}checks ). > OpenSCAP Error: Invalid SCAP Source Datastream (1.2) content in > /home/leia/SCETest/iptables-datastream.xml. [oscap_source.c:319] Source DataStream requires the <checks> element to be present and have at least one check component. As a simple workaround I recommend adding a rule that references an OVAL file. The OVAL file can have only one check - the check referenced by the Rule. With this workaround the validation requirements of SDS will be fulfilled. > And if I try to execute the oscap command with the created file I get this: > > [root@localhost SCETest]# /usr/local/bin/oscap xccdf eval --profile > xccdf_com.wazuh.test_profile_Test --results report.xml iptables-ds.xml > OpenSCAP Error: File 'iptables-ds.xml' line 2: Element > '{http://scap.nist.gov/schema/scap/source/1.2}extended-components': This > element is not expected. Expected is ( > {http://scap.nist.gov/schema/scap/source/1.2}checks ). > [xccdf_session.c:457] > Invalid SCAP Source Datastream (1.2) content in iptables-ds.xml. > [oscap_source.c:319] > Invalid SCAP Source Datastream (1.2) content in iptables-ds.xml > [xccdf_session.c:504] > > I assume that is the same error… Yes, this is the same error. > Maybe someone can help me with this. I really appreciate your help! Hope this helps! -- Martin Preisler Identity Management and Platform Security | Red Hat, Inc. _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list