Would need to understand where the content is coming from. Perhaps scap-security-guide in RHEL, and if so, what RHEL and SSG version?
Note red hat doesn’t publish rhel6 content in the National Checklist Program since rhel6 is out of active maintenance: https://nvd.nist.gov/ncp/repository?authority=Red+Hat&startIndex=0 Once the content source/version version is identified , the content can be ran through the NIST content validator tooling to see if there are problems with the content itself. > On Apr 29, 2019, at 11:19 AM, Jan Cerny <jce...@redhat.com> wrote: > > Hi, > > I have no idea. Does Nessus have any "verbose" mode to get more > helpful error message? > > Including scap-security-guide list in this conversation because there > might be people familiar with using SSG with Nessus. > > Regards > >> On Mon, Apr 29, 2019 at 4:54 PM Riaz Ebrahim <mriazebrah...@gmail.com> wrote: >> >> Hi Jan Cerny, >> >> Thanks a lot for your response, Your answer was very useful to understand >> about SSG files. As per your advice i tried with >> scap-security-guide-0.1.43-oval-510.zip and XML validation error was gone, >> but encountering new error as below from nessus >> >> "ssg-rhel6-ds-1.zip : Default namespace not found in OVAL" >> >> Do you get any clue by seeing this error?. Thanks in advance :) >> >> Thanks, >> Riaz >> >>> On Mon, Apr 29, 2019 at 2:44 PM Jan Cerny <jce...@redhat.com> wrote: >>> >>> Hi, >>> >>> I will try to answer, but I don't use Nessus, so I'm not sure what is >>> the exact reason of this fail. >>> >>> In general, the SSG files are validated against SCAP XML schemas, so >>> they are valid SCAP content. >>> However, SCAP standard consist of multiple separate specifications. >>> Strictly speaking, the SSG datastream >>> doesn't conform to SCAP 1.2 specification, because the datastream >>> contains OVAL checks conforming to OVAL >>> version 5.11 which is a part of SCAP 1.3. For SCAP 1.2 conformance it >>> would need to use OVAL checks >>> in version 5.10 or older. >>> >>> According to this forum thread, it seems that Nessus doesn't support >>> OVAL 5.11 it yet, but they say it's planned to be updated >>> https://community.tenable.com/s/question/0D5f200005hKRwqCAG/nessus-pro-7-trouble-getting-oval-scans-to-work >>> >>> It could be a problem that Nessus expects datastreams that contain >>> OVAL 5.10 only. >>> Try using the SSG datastreams that contain OVAL 5.10 only. They can be >>> downloaded from >>> https://github.com/ComplianceAsCode/content/releases/download/v0.1.43/scap-security-guide-0.1.43-oval-510.zip >>> I hope Nessus should be able to consume these files. >>> >>> The reason why we use 5.11 is that it contains new checks that allows >>> us to check easily system services using systemd >>> and other new things introduced in RHEL 7. The aforementioned >>> datastreams that contain OVAL 5.10 only >>> have limited abilities in comparison with those containing OVAL 5.11. >>> >>> Best Regards >>> >>> Jan Černý >>> Security Technologies | Red Hat, Inc. >>> >>> >>>> On Sat, Apr 27, 2019 at 6:34 AM Riaz Ebrahim <mriazebrah...@gmail.com> >>>> wrote: >>>> >>>> I need help on openscap SSG project. >>>> >>>> I am currently exploring SCAP Auditing feature from Nessus console. I >>>> understood that Nessus supports SCAP Content (1.0 or 1.1 or 1.2) which can >>>> be downloaded from NIST repository (https://nvd.nist.gov/ncp/repository) >>>> based on the target host version. This works great, However when i use >>>> SCAP from OpenSCAP SSG (example "ssg-rhel6-ds.xml”), i am getting error as >>>> “sg-rhel6-ds. .zip : sg-rhel6-ds.xml failed XML Schema validation” . >>>> >>>> I would like to what is the difference between openSSG scap data stream & >>>> scap1.2 content downloaded from NIST repository. How i can convert openssg >>>> data stream (Example - ssg-rhel6-ds.xml) to NIST scap 1.2 format. >>>> >>>> >>>> My objective - To use openscap SSG from Nessus. Nessus scap scanning >>>> expects SCAP 1.0, 1.1 or 1.2 content(in zip format). >>>> >>>> >>>> Thanks in advance! >>>> >>>> _______________________________________________ >>>> Open-scap-list mailing list >>>> Open-scap-list@redhat.com >>>> https://www.redhat.com/mailman/listinfo/open-scap-list > > > > -- > Jan Černý > Security Technologies | Red Hat, Inc. > _______________________________________________ > scap-security-guide mailing list -- scap-security-gu...@lists.fedorahosted.org > To unsubscribe send an email to > scap-security-guide-le...@lists.fedorahosted.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/scap-security-gu...@lists.fedorahosted.org
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list