Thanks Jan! Please see inline response below... On 07/04/2015 04:32 AM, Jan Lieskovsky wrote: > Hello Bond, > > thank you for your report. > > ----- Original Message ----- > > I can reproduce that issue, when issuing just 'plain' "make" in the > scap-security-guide-0.1.23 folder. The issue is Fedora content by > default requires OVAL-5.11 language version already, and the version > of the openscap RPM you are trying to build Fedora content against > (openscap-1.0.8-1.0.1.el6.centos.1.x86_64) does not support OVAL-5.11 > language version yet. > > We will correct this problem in an official way in the upcoming 0.1.24 > upstream release (should be available for download during next week). > > For now please use the following workaround (in the scap-security-guide-0.1.23 > directory after expanding the tarball), issue the following command: > > # make SSG_VERSION_IS_GIT_SNAPSHOT=no rpm > > This will correctly produce working RPM that can be subsequently used > on RHEL-6 / CentOS6 system.
Yes, I was able to build the RPM, however not able to run with oscap. More below... >> As of SCAP Security Guide release 0.1.23, CentOS content is now available >> (any older version will require tweaking). See the announcement here: >> https://lists.fedorahosted.org/pipermail/scap-security-guide/2015-June/006462.html >> >> You can download and build the SSG content from >> https://github.com/OpenSCAP/scap-security-guide >> >> When you run the XCCDF, you have to specify the CentOS XCCDF like below: >> >> # oscap xccdf eval --profile stig-rhel6-server-upstream \ >> --results /tmp/`hostname`-ssg-results.xml \ >> --report /tmp/`hostname`-ssg-results.html \ >> --cpe /usr/share/xml/scap/ssg/content/ssg-centos6-cpe-dictionary.xml \ >> /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml >> >> Please note that I believe that ssg-centos6-cpe-dictionary.xml is not being >> built with SSG. OpenSCAP is here: https://github.com/openscap/openscap and >> the announcement here: So I believe all that needs to be done is: >> >> # oscap xccdf eval --profile stig-rhel6-server-upstream \ >> --results /tmp/`hostname`-ssg-results.xml \ >> --report /tmp/`hostname`-ssg-results.html \ >> /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml >> Trying to run the last command above without specifying CPE, results in all tests being "notapplicable". And I confirmed there is no cpe-dictionary.xml being built for CentOS6. What am I missing? -Bond -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
