Upon further investigation, this seems to be caused by the --oval-results option. And yes, I realized that a) I don't need the --check-engine-results options and b) I can create a tailoring file for use without the datastream. So regardless of whether or not I use the datastream or the seperate xccdf and cpe files, adding the --oval-results option kills the report generation. (the machine has 16GB of RAM btw).
Also, should I move the discussion to the Red Hat GovSec list instead? - Chuck On Tue, Oct 6, 2015 at 12:40 PM, Chuck Atkins <[email protected]> wrote: > I just did a fresh install of RHEL6, with minimal desktop configuration, > applied all updates, and installed scap-security-guide, openscap, and > scap-workbench from the system repos. First I created a tailoring file > with SCAP Workbench to adjust the STIG server profile for desktop usage > (allow X, remove various server packages, etc.). The scan worked fine but > when generating the results and report, I get a bunch of memory allocation > errors. When I tried to evaluate from the command line instead, using the > tailoring file from scap-workbench, I get: > > [root@rhel6-stig-vm ~]# oscap xccdf eval \ > --tailoring-file ssg-rhel6-kw-desktop-xccdf.xml \ > --profile xccdf_kitware.com_profile_stig-rhel6-server-upstream_desktop \ > --report ssg-report.html --results ssg-results.xml \ > --check-engine-results --oval-results \ > /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml > > ... > all benchmark rules process > ... > > XPath error : Memory allocation failed : growing nodeset hit limit > > growing nodeset hit limit > > ^ > runtime error: file /usr/share/openscap/xsl/xccdf-report-oval-details.xsl > line 39 element key > Failed to evaluate the 'match' expression. > > (error repeated 4 times) > > The RPMs installed as reported by yum are: > > openscap-utils.x86_64 1.2.4-1.el6_6sat > @rhel-6-workstation-satellite-tools-6.1-rpms > scap-security-guide.noarch 0.1.21-3.el6 > @rhel-6-workstation-rpms > [root@rhel6-stig-vm ~]# > > Interestingly, I don't seem to get these memory errors when I run against > the xccdf directly and not the combined datastream, but then I can't use > the tailoring file I created. Any ideas on the memory errors? > > - Chuck >
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
