----- Original Message ----- > From: "Ivan Saez Scheihing" <[email protected]> > To: "SCAP Security Guide" <[email protected]> > Sent: Tuesday, April 22, 2014 8:00:39 PM > Subject: Re: oscap & jboss on Fedora > > Martin, > > I was able to run xccdf and oscan after editing the eap5-xccdf.xml file. I > did comment out all '<platform idref="cpe:/a:redhat..' lines (5 lines in > total). > > java -jar xccdfexec.jar -result bla.xml --report bla.html --profile > eap5_full -c eap5-cpe-oval.xml -C eap5-cpe-dictionary.xl -P eap5_full
No idea what xccdfexec.jar is. Is it a wrapper around oscap? The arguments look familiar. > > Did run and asked me a lot's of questions. The same questions as can be > found in the JBossEAP5_Guide.html document. Based on my answers it > generated a few xml files. But am I mistaken or doesn't xccdfexec cheeck > anything? > > Oscap did check some things by it self (by inspecting jboss xml files I > supose). I run it with the following options: > > oscap xccdf eval --results bla.xml --report bla.html --profile eap5-full > -cpe eap5-cpe-dictionary.xml eap5-xccdf.xml > > > It generated the bla.html file and most of the checks were done. Previously > I did check the Jboss by hand and I think oscap is not very meticulous. > Some checks did get the passed status and I'm sure it should have failed. > Any comments on this/ We need more specifics, else I can't comment. Give us a particular rule that passed and shouldn't have. Post your xccdf result file, post your oval results. -- Martin Preisler _______________________________________________ scap-security-guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
