----- Original Message ----- > From: "Grant Schoep" <[email protected]> > To: [email protected] > Sent: Saturday, November 15, 2014 2:04:55 AM > Subject: First time running openscap, getting notapplicable > > Using RHEL 5.11 > Built openscap-1.1.1
Please send us `oscap --v`. I don't see any reason why it shouldn't include cpe:/o:redhat:enterprise_linux:5 but would like to know for sure. > xccdf.xml source from > Downloaded "Red Hat 5 Manual STIG - Version 1, Release 8" > from http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx > > That contains the U_RedHat_5_V1R8_Manual-xccdf.xml file. Just a note, this is not scap-security-guide, it's a different content from different authors. I will try to help regardless. It's a manual check content. That probably means that the checks are described but not automated. They don't bundle any OVAL files as far as I can see, XCCDF alone won't do any checks. From a cursory glance at the XCCDF file they use 2 check systems, one is OVAL but they don't include the oval.xml file. The other is "C-36041r1_chk". I have no idea what that is. It uses a file that's also not included. > I just tried running it, and all results show "notapplicable" Are you sure it's notapplicable? I would expect 'notchecked' in this case. > Looking through the docs, it does seem to point out, and google seems to > also point out that I need to be running on the right platform. It seems I > am. > > This is truly a Redhat 5 workstation(or server), not CentOS. > > My command looks like this > oscap xccdf eval --profile MAC-1_Public --results result.xml > U_RedHat_5_V1R8_Manual-xccdf.xml > > The zip file from iase website didn't contain a CPE file, so I assumed one > was not needed? Though I have a feeling this is my problem. openscap supports several CPE platforms without any CPE files. RHEL5 is among them. So yes, CPE file shouldn't be necessary. See `oscap --v` for a list of inbuilt CPE platforms. > NOTE, that when I running I do see this message to stderr > WARNING: Skipping ./oval.xml file which is referenced from XCCDF content Yeah, that's openscap telling you that it can't find the checks. -- Martin Preisler -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
