On 07/09/2015 10:49 PM, Fen Labalme wrote:
Hi,
I'm using openscap 1.2.5 and SSG 0.1.24 with:
PROFILE = xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream
DATASTREAM = ssg-centos7-ds.xml
Resulting in this command:
oscap-ssh [email protected] <mailto:[email protected]> 22 xccdf eval
--profile
xccdf_org.ssgproject.content_profile_stig-rhel7-server-upstream
--results-arf scans/results-arf.xml --results scans/results.xml --report
scans/results.html scap/ssg-centos7-ds.xml
This is mostly working (it scans 3 high, 11 medium and 42 low severity
controls) but getting:
oscap exit code: 2
Fen, oscap exit code 2 is nothing to be woried about. Let me quote from
`man oscap`:
EXIT STATUS
Normally, the exit status is 0 when operation finished
successfully and 1 otherwise. In cases when oscap performs
evaluation of the system it may return 2 indicating success of
the operation but incompliance of the assessed system.
Martin, do you think it makes sence for oscap-ssh to change a message from
oscap exit code: 2
to
oscap finished successfully and found the system in incompliant state
?
(which I also see when scanning a RHEL71 machine)
For CentOS7, should I be using a different profile than the
"rhel7-server-upstream"?
And, any suggestions on how to debug the cause of the non-zero exit code?
Thanks!
=Fen
--
Fen Labalme, CivicActions.com
DevOps | Quality | Security
github/skype/twitter: openprivacy
--
Šimon Lukašík
Security Technologies, Red Hat, Inc.
--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
