Hi Bruno, you are on the latest versions, so that makes me scratch my head. There was a problem with the new DISA STIG Viewer references inside the security-guide. It was already fixed inside openscap.
Details can be found here: https://lists.fedorahosted.org/archives/list/scap-security-gu...@lists.fedorahosted.org/thread/SEUROBIB35TEENZCUK7XTPYPFSK32VKZ/ Can you check which reference is used inside your XCCDF profile? Regards, Alex~ On Fri, Oct 25, 2019 at 01:18:23PM +0000, Bruno Czenczelewski wrote: > The output of the --stig-viewer option does not contain test results when > used with latest (0.1.46) version of the security-guide. I'm using the latest > (1.3.2, from the maint-1.3 branch) version of the openscap tools downloaded > from the github-openscap repo. > > oscap -V > OpenSCAP command line tool (oscap) 1.3.2 > Copyright 2009--2018 Red Hat Inc., Durham, North Carolina. > > ==== Supported specifications ==== > XCCDF Version: 1.2 > OVAL Version: 5.11.1 > CPE Version: 2.3 > CVSS Version: 2.0 > CVE Version: 2.0 > Asset Identification Version: 1.1 > Asset Reporting Format Version: 1.1 > CVRF Version: 1.1 > > > The resulting output file is missing the "rule-result" section when compared > to using the 0.1.44 version of the security-guide: > > <rule-result idref="SV-87813r2_rule" time="2019-10-23T20:05:59" > severity="medium" weight="1.000000"> > <result>pass</result> > <ident system="https://nvd.nist.gov/cce/index.cfm";>CCE-80436-9</ident> > <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5";> > <check-content-ref > name="oval:ssg-mount_option_noexec_remote_filesystems:def:1" > href="ssg-rhel7-oval.xml"/> > </check> > </rule-result> > > > Thanks for any guidance. > > Bruno Czenczelewski > > > <http://www.fibermountain.com> > [cid:FMIDec2016.png] > > > Bruno Czenczelewski > > > br...@fibermountain.com > > > 352 Knotter Drive > Cheshire, CT06410 > www.fibermountain.com > > > [cid:redline.jpg] > > > P. (203) 806-4040 > C. (203) 806-4040 > F. (845) 358-7882 > > > > > > Disclaimer: The information contained in this communication is confidential, > may be privileged and is intended for the exclusive use of the above named > addressee(s). If you are not the intended recipient(s), you are expressly > prohibited from copying, distributing, disseminating, or in any other way > using any information contained within this communication. If you have > received this communication in error, please contact the sender by telephone > or by response via mail. We have taken precautions to minimize the risk of > transmitting software viruses, but we advise you to carry out your own virus > checks on this message, as well as any attachments. We cannot accept > liability for any loss or damage caused by software viruses. > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list -- Alexander Bergmann <abergm...@suse.com> Security Engineer, GPG: E30A 65A4 0F50 0066 B2B5 F614 DE54 E875 9FFA 4886 SUSE Software Solutions Germany GmbH Maxfeldstr. 5, 90409 Nuremberg, Germany (HRB 36809, AG Nürnberg) Managing Director: Felix Imendörffer
signature.asc
Description: PGP signature
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
