Hi, Oooops, that looks like we have a buch of memory issues, segfaults etc on ARM architecture.
I would like to point out that latest SCAP Workbench can scan remote machines over SSH [1] and also there is a small command line utility "oscap-ssh" [2]. ssg-debian8-ds.xml comes from "SCAP Security guide" [3] project. It's packaged only in Debian unstable (Sid) [4] Neither stable nor testing don't have it packaged. [1] https://www.open-scap.org/resources/documentation/evaluate-remote-machine-for-usgcb-compliance-with-scap-workbench/ [2] man oscap-ssh [3] https://github.com/OpenSCAP/scap-security-guide [4] https://packages.debian.org/sid/ssg-debian Regards Jan Černý Security Technologies | Red Hat, Inc. ----- Original Message ----- > From: "Luther Goh Lu Feng" <elf...@yahoo.com> > To: open-scap-list@redhat.com > Sent: Friday, April 7, 2017 8:39:36 AM > Subject: Re: [Open-scap] Using scap workbench to scan Debian on Beaglebone > Black > > For some strange reason, after a reboot, I have managed to scan without issue > using > > > - SCAP Workbench > - CLI: > oscap xccdf eval --fetch-remote-resources --results debian-xccdf.xml --report > debian-xccdf.html --profile xccdf_org.ssgproject.content_profile_common > ssg-debian8-ds.xml > > Just wish to double check that the CLI command is the correct one as well as > it is a guesstimate as I have not completed reading the manual yet > > One issue that I encountered is that I needed to physically transfer > ssg-debian8-ds.xml to my beaglebone black via scp as the file isn't present > on beaglebone black. Is this the correct way or is the file hiding somewhere > on the system? > > > On Friday, April 7, 2017 2:04 AM, Luther Goh Lu Feng <elf...@yahoo.com> > wrote: > > > > > > Having installed OpenSCAP 1.2.9, the workbench run is much more successful. > However there are still errors, albeit much lesser than before. Any tips? > > > > > 01:58:28 > info > Establishing connecting to remote target... > > > 01:58:32 > info > Connection established. > > > 01:58:32 > info > Checking if oscap is available on remote machine... > > > 01:58:39 > info > Querying capabilities on remote machine... > > > 01:58:47 > info > Copying input data to remote target... > > > 01:59:32 > info > Starting the remote process... > > > 01:59:32 > info > Processing on the remote machine... > > > 01:59:43 > error > The 'oscap' process has written the following content to stderr: E: The > package cache file is corrupted > > > 01:59:43 > error > The 'oscap' process has written the following content to stderr: E: The > package cache file is corrupted > > > 01:59:43 > error > The 'oscap' process has written the following content to stderr: E: The > package cache file is corrupted > > > 01:59:43 > error > The 'oscap' process has written the following content to stderr: E: The > package cache file is corrupted > > > 01:59:44 > error > The 'oscap' process has written the following content to stderr: E: The > package cache file is corrupted > > > 01:59:44 > error > The 'oscap' process has written the following content to stderr: E: The > package cache file is corrupted > > > 01:59:44 > error > The 'oscap' process has written the following content to stderr: E: The > package cache file is corrupted > > > 01:59:44 > error > The 'oscap' process has written the following content to stderr: E: The > package cache file is corrupted > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: OpenSCAP > Error: Probe with PID=10485 has been killed with signal 11 > [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Item > corresponding to object 'oval:ssg-obj_package_rsyslog_installed:obj:1' from > test 'oval:ssg-test_package_rsyslog_installed:tst:1' has an unknown flag. > This may indicate a bug in OpenSCAP. > [../../../../src/OVAL/results/oval_resultTest.c:908] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Probe with > PID=10510 has been killed with signal 11 > [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Item > corresponding to object 'oval:ssg-obj_package_telnetd_removed:obj:1' from > test 'oval:ssg-test_package_telnetd_removed:tst:1' has an unknown flag. This > may indicate a bug in OpenSCAP. > [../../../../src/OVAL/results/oval_resultTest.c:908] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Probe with > PID=10516 has been killed with signal 11 > [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Item > corresponding to object > 'oval:ssg-obj_package_inetutils-telnetd_removed:obj:1' from test > 'oval:ssg-test_package_inetutils-telnetd_removed:tst:1' has an unknown flag. > This may indicate a bug in OpenSCAP. > [../../../../src/OVAL/results/oval_resultTest.c:908] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Probe with > PID=10522 has been killed with signal 11 > [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Item > corresponding to object 'oval:ssg-obj_package_telnetd-ssl_removed:obj:1' > from test 'oval:ssg-test_package_telnetd-ssl_removed:tst:1' has an unknown > flag. This may indicate a bug in OpenSCAP. > [../../../../src/OVAL/results/oval_resultTest.c:908] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Probe with > PID=10528 has been killed with signal 11 > [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Item > corresponding to object 'oval:ssg-obj_package_nis_removed:obj:1' from test > 'oval:ssg-test_package_nis_removed:tst:1' has an unknown flag. This may > indicate a bug in OpenSCAP. > [../../../../src/OVAL/results/oval_resultTest.c:908] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Probe with > PID=10534 has been killed with signal 11 > [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Item > corresponding to object 'oval:ssg-obj_package_ntpdate_removed:obj:1' from > test 'oval:ssg-test_package_ntpdate_removed:tst:1' has an unknown flag. This > may indicate a bug in OpenSCAP. > [../../../../src/OVAL/results/oval_resultTest.c:908] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Probe with > PID=10540 has been killed with signal 11 > [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Item > corresponding to object 'oval:ssg-obj_package_ntp_installed:obj:1' from test > 'oval:ssg-test_package_ntp_installed:tst:1' has an unknown flag. This may > indicate a bug in OpenSCAP. > [../../../../src/OVAL/results/oval_resultTest.c:908] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Probe with > PID=10546 has been killed with signal 11 > [../../../../../src/OVAL/probes/SEAP/sch_pipe.c:173] > > > 01:59:46 > error > The 'oscap' process has written the following content to stderr: Item > corresponding to object 'oval:ssg-obj_package_openssh-server_removed:obj:1' > from test 'oval:ssg-test_package_openssh-server_removed:tst:1' has an > unknown flag. This may indicate a bug in OpenSCAP. > [../../../../src/OVAL/results/oval_resultTest.c:908] > > > 02:00:09 > info > Cleaning up... > > > 02:00:47 > info > Processing has been finished! > > > > > > On Friday, April 7, 2017 2:02 AM, Luther Goh Lu Feng <elf...@yahoo.com> > wrote: > > > > > > > On Thursday, April 6, 2017 10:20 PM, Luther Goh Lu Feng <elf...@yahoo.com> > wrote: > > > > Thanks for the suggestion! I will most certainly attempt to install OpenSCAP > 1.2.9 from testing. > > I am still very much a noob figuring out my way around the various security > concepts such as OVAL, XCCDF. So pardon me if I indicate any wrong > assumptions as I have not fully yet read the manual. > > > In my debugging, I have ran $ oscap oval eval --results debian-2014.xml > --report debian-2014.html oval-definitions-2014.xml, and managed to get a > proper report. The oval definitions are from debian[1]. > > So questions: > > - Does this successful run mean that OpenSCAP 1.0.9 supports OVAL 5.11 > without issues? > - Is OpenSCAP cli on par functionality wise with SCAP workbench? > > > [1] https://www.debian.org/security/oval/ > > > > > On Thursday, April 6, 2017 4:50 PM, Jan Cerny <jce...@redhat.com> wrote: > > > > Hi, > > That is pretty cool that you want to run OpenSCAP on such a device. > I like it! You're the first person that I know running it on ARM :) > > I think the problem is that Debian Jessie has OpenSCAP 1.0.9, > which is an old version that doesn't support systemd related tests > and it also can't process OVAL documents using OVAL standard 5.11, > which we use to write security policies. The error messages > look like that's the problem. > > I suggest trying to backport OpenSCAP packages from Debian Testing (Stretch) > Debian Testing has OpenSCAP 1.2.9 that supports those new standards > and systemd. > > Or you might try to compile the latest upstream release 1.2.14 directly from > the sources on Github [1] and install that on your device. > > However I don't have an ARM machine with Debian, so I haven't verified > if there is any other issue :) If you encounter a problem, > please inform us. Thank you. > > > [1] > https://github.com/OpenSCAP/openscap/releases/download/1.2.14/openscap-1.2.14.tar.gz > > > Best regards > > Jan Černý > Security Technologies | Red Hat, Inc. > > > > > > ----- Original Message ----- > > From: "Luther Goh Lu Feng" <elf...@yahoo.com> > > To: open-scap-list@redhat.com > > Sent: Thursday, April 6, 2017 6:07:18 AM > > Subject: [Open-scap] Using scap workbench to scan Debian on Beaglebone > > Black > > > > I have installed SCAP Workbench on Mac OS X[1] and attempted to scan a > > Beaglebone Black with Debian installed remotely. Debian has been installed > > with OpenSCAP[2]. However the scan threw up a lot of errors and didn't > > complete. I am only including a small subset of the errors so as not to > > overwhelm readers with the amount of text. But am happy to furnish the full > > logs in pastebin if it is helpful. Hope to have some tips. Thanks! > > > > > > 13:28:47 > > info > > Connection established. > > > > > > 13:28:47 > > info > > Checking if oscap is available on remote machine... > > > > > > 13:28:59 > > info > > Querying capabilities on remote machine... > > > > > > 13:29:13 > > info > > Copying input data to remote target... > > > > > > 13:30:32 > > info > > Starting the remote process... > > > > > > 13:30:32 > > info > > Processing on the remote machine... > > > > > > 13:30:47 > > error > > The 'oscap' process has written the following content to stderr: OpenSCAP > > Error: File '/tmp/tmp.3WyW7Kt0Aa' line 1835: Element > > '{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}systemdunitdependency_test': > > This element is not expected. > > > > > > 13:30:47 > > error > > The 'oscap' process has written the following content to stderr: > > [../../../src/XCCDF/xccdf_session.c:342] > > > > > > 13:30:47 > > error > > The 'oscap' process has written the following content to stderr: File > > '/tmp/tmp.3WyW7Kt0Aa' line 2482: Element > > '{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}systemdunitdependency_object': > > This element is not expected. > > > > > > 13:30:47 > > error > > The 'oscap' process has written the following content to stderr: > > [../../../src/XCCDF/xccdf_session.c:342] > > > > > > 13:30:47 > > error > > The 'oscap' process has written the following content to stderr: File > > '/tmp/tmp.3WyW7Kt0Aa' line 3427: Element > > '{http://oval.mitre.org/XMLSchema/oval-definitions-5#linux}systemdunitdependency_state': > > This element is not expected. > > > > > > 13:30:47 > > error > > The 'oscap' process has written the following content to stderr: > > [../../../src/XCCDF/xccdf_session.c:342] > > > > > > 13:30:47 > > error > > The 'oscap' process has written the following content to stderr: File > > '/tmp/tmp.3WyW7Kt0Aa' line 3653: Element > > '{http://oval.mitre.org/XMLSchema/oval-definitions-5}glob_to_regex': This > > element is not expected. Expected is one of ( > > {http://www.w3.org/2000/09/xmldsig#}Signature, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}object_component, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}variable_component, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}literal_component, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}arithmetic, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}begin, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}concat, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}end, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}escape_regex, > > {http://oval.mitre.org/XMLSchema/oval-definitions-5}split ). > > > > > > > > > > [1] https://www.open-scap.org/tools/scap-workbench/ > > [2] https://packages.debian.org/jessie/python-openscap > > > > _______________________________________________ > > Open-scap-list mailing list > > Open-scap-list@redhat.com > > https://www.redhat.com/mailman/listinfo/open-scap-list > > > > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list