> > Using RHEL 5.11
> > Built openscap-1.1.1
>
> Please send us `oscap --v`. I don't see any reason why it shouldn't include
> cpe:/o:redhat:enterprise_linux:5 but would like to know for sure.
>

Here goes. I see it there.

OpenSCAP command line tool (oscap) 1.1.1
Copyright 2009--2014 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.10.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1

==== Capabilities added by auto-loaded plugins ====
No plugins have been auto-loaded...

==== Paths ====
Schema files: /home/gschoep/prod/Linux_x86_64/openscap-1.1.1/share/openscap/schemas
Default CPE files: /home/gschoep/prod/Linux_x86_64/openscap-1.1.1/share/openscap/cpe
Probes: /home/gschoep/prod/Linux_x86_64/openscap-1.1.1/libexec/openscap

==== Inbuilt CPE names ====
Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux
Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5
Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
Fedora 16 - cpe:/o:fedoraproject:fedora:16
Fedora 17 - cpe:/o:fedoraproject:fedora:17
Fedora 18 - cpe:/o:fedoraproject:fedora:18
Fedora 19 - cpe:/o:fedoraproject:fedora:19
Fedora 20 - cpe:/o:fedoraproject:fedora:20
Fedora 21 - cpe:/o:fedoraproject:fedora:21
Fedora 22 - cpe:/o:fedoraproject:fedora:22
Red Hat Enterprise Linux Optional Productivity Applications - cpe:/a:redhat:rhel_productivity
Red Hat Enterprise Linux Optional Productivity Applications 5 - cpe:/a:redhat:rhel_productivity:5

==== Supported OVAL objects and associated OpenSCAP probes ====
system_info probe_system_info
family probe_family
filehash probe_filehash
environmentvariable probe_environmentvariable
textfilecontent54 probe_textfilecontent54
textfilecontent probe_textfilecontent
variable probe_variable
xmlfilecontent probe_xmlfilecontent
environmentvariable58 probe_environmentvariable58
filehash58 probe_filehash58
inetlisteningservers probe_inetlisteningservers
partition probe_partition
iflisteners probe_iflisteners
selinuxboolean probe_selinuxboolean
selinuxsecuritycontext probe_selinuxsecuritycontext
systemdunitproperty probe_systemdunitproperty
systemdunitdependency probe_systemdunitdependency
file probe_file
interface probe_interface
password probe_password
process probe_process
runlevel probe_runlevel
shadow probe_shadow
uname probe_uname
xinetd probe_xinetd
sysctl probe_sysctl
process58 probe_process58
gconf probe_gconf
routingtable probe_routingtable

> > xccdf.xml source from
> > Downloaded "Red Hat 5 Manual STIG - Version 1, Release 8"
> > from http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx
> >
> > That contains the U_RedHat_5_V1R8_Manual-xccdf.xml file.
>
> Just a note, this is not scap-security-guide, it's a different content from
> different authors. I will try to help regardless.
>
> It's a manual check content. That probably means that the checks are described
> but not automated. They don't bundle any OVAL files as far as I can see, XCCDF
> alone won't do any checks.
>
> From a cursory glance at the XCCDF file they use 2 check systems, one is OVAL
> but they don't include the oval.xml file. The other is "C-36041r1_chk". I have
> no idea what that is. It uses a file that's also not included.
>
> > I just tried running it, and all results show "notapplicable"
>
> Are you sure it's notapplicable? I would expect 'notchecked' in this case.
>

Yep. notapplicable. I tried removing the "Platform" lines, as suggested in one
thread I saw, and it switched to notchecked.

> > Looking through the docs, it does seem to point out, and Google seems to
> > also point out that I need to be running on the right platform. It seems I
> > am.
> >
> > This is truly a Red Hat 5 workstation (or server), not CentOS.
> >
> > My command looks like this
> > oscap xccdf eval --profile MAC-1_Public --results result.xml U_RedHat_5_V1R8_Manual-xccdf.xml
> >
> > The zip file from iase website didn't contain a CPE file, so I assumed one
> > was not needed? Though I have a feeling this is my problem.
>
> openscap supports several CPE platforms without any CPE files. RHEL5 is among
> them. So yes, CPE file shouldn't be necessary. See `oscap --v` for a list of
> inbuilt CPE platforms.
>
> > NOTE, that when I'm running I do see this message to stderr
> > WARNING: Skipping ./oval.xml file which is referenced from XCCDF content
>
> Yeah, that's openscap telling you that it can't find the checks.
>

So I also tried on a RHEL6 machine. Seeing same thing.

Is there a "debug" mode or something I can run to see what openscap "thinks" is
the OS? If it's not matching cpe:/o:redhat:enterprise_linux:5 (or 6) then maybe
it's getting confused and getting some totally different value.

I guess I have the source code, I could try to look at something in there...
suggestions on where to start would be good.
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
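
Added example, not part of the original thread and not OpenSCAP code: a small Python pre-flight check that lists the platform idrefs an XCCDF benchmark declares, the check systems its rules use, and any referenced check files that are not present next to it (the situation behind the "Skipping ./oval.xml" warning above). The embedded benchmark is constructed for illustration; `summarize_xccdf` and the file name `manual-checks.xml` are hypothetical.

```python
import os
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed, minimal XCCDF 1.1 benchmark (not the DISA file): one platform
# declaration and two rules whose checks point at files that are not shipped.
SAMPLE_XCCDF = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <platform idref="cpe:/o:redhat:enterprise_linux:5"/>
  <Group id="G-1">
    <Rule id="R-1">
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref href="oval.xml" name="oval:sample:def:1"/>
      </check>
    </Rule>
    <Rule id="R-2">
      <check system="C-36041r1_chk">
        <check-content-ref href="manual-checks.xml" name="M"/>
      </check>
    </Rule>
  </Group>
</Benchmark>"""

def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 files are both handled."""
    return tag.rsplit("}", 1)[-1]

def summarize_xccdf(xml_text, base_dir="."):
    """Return declared platforms, check systems used, and missing check files."""
    root = ET.fromstring(xml_text)
    platforms, systems, missing = [], Counter(), set()
    for el in root.iter():
        name = local(el.tag)
        if name == "platform" and el.get("idref"):
            platforms.append(el.get("idref"))
        elif name == "check":
            systems[el.get("system")] += 1
            for ref in el:
                href = ref.get("href")
                if local(ref.tag) == "check-content-ref" and href:
                    # hrefs are resolved relative to the benchmark's directory
                    if not os.path.exists(os.path.join(base_dir, href)):
                        missing.add(href)
    return {"platforms": platforms, "check_systems": dict(systems),
            "missing_files": sorted(missing)}

if __name__ == "__main__":
    for key, value in summarize_xccdf(SAMPLE_XCCDF).items():
        print(key, "=", value)
```

For a real benchmark, pass the file's text and the directory that holds it; the platform idrefs it prints can be compared by eye with the "Inbuilt CPE names" list from `oscap --v`.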
