Hi Gabe, Thank you for your reply. I'm trying to use the 0.1.23 release, but having issues building the content. The error I get is:
Skipping datastream composition, use OpenSCAP 1.2.2 or later! mkdir -p dist/content cp output/ssg-fedora-xccdf.xml dist/content cp output/ssg-fedora-oval.xml dist/content cp output/ssg-fedora-ds.xml dist/content cp: cannot stat `output/ssg-fedora-ds.xml': No such file or directory make[1]: *** [dist] Error 1 make[1]: Leaving directory `/root/scap-security-guide-0.1.23/Fedora' make: *** [fedora] Error 2 I suspect the missing "ssg-fedora-ds.xml" has something to do with the "Skipping datastream composition" message above? I'm on CentOS6, and this is the version I got from the yum repos: [root@openscap-testing scap-security-guide-0.1.23]# rpm -qa openscap\* openscap-1.0.8-1.0.1.el6.centos.1.x86_64 openscap-content-1.0.8-1.0.1.el6.centos.1.noarch openscap-utils-1.0.8-1.0.1.el6.centos.1.x86_64 So, is this a matter of not being compatible with the version of openscap I'm using? Or, is the make process suppose to handle older versions of openscap more gracefully? Thanks, -Bond On 06/30/2015 03:54 PM, Gabe Alford wrote: > Hey Bond, > > As of SCAP Security Guide release 0.1.23, CentOS content is now > available (any older version will require tweaking). See the > announcement here: > https://lists.fedorahosted.org/pipermail/scap-security-guide/2015-June/006462.html > > You can download and build the SSG content from > https://github.com/OpenSCAP/scap-security-guide > > When you run the XCCDF, you have to specify the CentOS XCCDF like below: > > # oscap xccdf eval --profile stig-rhel6-server-upstream \ > --results /tmp/`hostname`-ssg-results.xml \ > --report /tmp/`hostname`-ssg-results.html \ > --cpe > /usr/share/xml/scap/ssg/content/ssg-centos6-cpe-dictionary.xml \ > /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml > > Please note that I believe that ssg-centos6-cpe-dictionary.xml is not > being built with SSG. OpenSCAP is here: > https://github.com/openscap/openscap and the announcement here: So I > believe all that needs to be done is: > > # oscap xccdf eval --profile stig-rhel6-server-upstream \ > --results /tmp/`hostname`-ssg-results.xml \ > --report /tmp/`hostname`-ssg-results.html \ > /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml > > Thanks, > > Gabe > > On Tue, Jun 30, 2015 at 3:56 PM, Bond Masuda <[email protected] > <mailto:[email protected]>> wrote: > > Hello, > > Is there a guide on how to use the RHEL SCAP content for CentOS? > When I > try to use it, I get a lot of "Result: notapplicable". What needs > to be > done? > > I'm using it with OpenSCAP per the manual: > > # oscap xccdf eval --profile stig-rhel6-server-upstream \ > --results /tmp/`hostname`-ssg-results.xml \ > --report /tmp/`hostname`-ssg-results.html \ > --cpe > /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \ > /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml > > TIA, > -Bond > -- > SCAP Security Guide mailing list > [email protected] > <mailto:[email protected]> > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ > > > >
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
