Hi Dhanushka, have you run both 'systemctl start SERVICE' and 'systemctl enable SERVICE' (replace SERVICE with auditd and ntp)? If yes, it might be an issue either in OVAL checks or in the systemdunitdependency_probe. Please run the following scans and send us the outputs for further analysis:
*oscap xccdf eval --verbose DEVEL --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --rule xccdf_org.ssgproject.content_rule_service_ntp_enabled ssg-debian8-ds.xml* and *oscap xccdf eval --verbose DEVEL --profile xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --rule xccdf_org.ssgproject.content_rule_service_auditd_enabled ssg-debian8-ds.xml* Best Regards, Matus Marhefka On Mon, Sep 3, 2018 at 11:59 AM, Dhanushka Parakrama < parakrama1...@gmail.com> wrote: > Guys > > Any news regarding the error > > On Wed, 29 Aug 2018 at 21:33, Dhanushka Parakrama <parakrama1...@gmail.com> > wrote: > >> >> Hi Team >> >> We have ran the scan for debian 8 using below command >> >> *oscap xccdf eval --profile >> xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report >> report.html ssg-debian8-ds.xml* >> >> Got alerts as below , >> =============== >> >> [image: image.png] >> >> >> >> To Fixed it we ran the below commands as suggested by the report >> >> *service ntp status* >> ● ntp.service - LSB: Start NTP daemon >> Loaded: loaded (/etc/init.d/ntp) >> Active: active (running) since Mon 2018-08-27 18:24:21 IST; 2 days ago >> CGroup: /system.slice/ntp.service >> └─473 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 112:120 >> >> Aug 27 18:24:21 oscapserver ntpd[473]: Listen and drop on 0 v4wildcard >> 0.0.0.0 UDP 123 >> Aug 27 18:24:21 oscapserver ntpd[473]: Listen and drop on 1 v6wildcard :: >> UDP 123 >> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 2 lo 127.0.0.1 >> UDP 123 >> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 3 eth0 >> 192.168.8.150 UDP 123 >> Aug 27 18:24:21 oscapserver ntpd[473]: Listen normally on 4 lo ::1 UDP 123 >> Aug 27 18:24:21 oscapserver ntpd[473]: peers refreshed >> Aug 27 18:24:21 oscapserver ntpd[473]: Listening on routing socket on fd >> #21 for interface updates >> Aug 27 18:24:21 oscapserver systemd[1]: Started LSB: Start NTP daemon. >> Aug 27 18:24:24 oscapserver ntpd[473]: Listen normally on 5 eth0 >> fe80::250:56ff:fe94:6150 UDP 123 >> Aug 27 18:24:24 oscapserver ntpd[473]: peers refreshed >> >> >> *service auditd status* >> ● auditd.service - Security Auditing Service >> Loaded: loaded (/lib/systemd/system/auditd.service; enabled) >> Active: active (running) since Tue 2018-08-28 14:41:28 IST; 1 day 6h >> ago >> Main PID: 12464 (auditd) >> CGroup: /system.slice/auditd.service >> └─12464 /sbin/auditd -n >> >> >> But even after we ran the scan after fixing it Report still shows as >> >> >> [image: image.png] >> >> Is there any reason for that ? >> >> >> Thank You >> Dhanushka >> >> >> > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list >
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
