I would recommend moving this discussion to the openscap mailing list as it appears to be an issue with openscap rather than the scap-security-guide.
Thanks, Gabe On Tue, Oct 6, 2015 at 11:02 AM, Chuck Atkins <[email protected]> wrote: > Upon further investigation, this seems to be caused by the --oval-results > option. And yes, I realized that a) I don't need the > --check-engine-results options and b) I can create a tailoring file for use > without the datastream. So regardless of whether or not I use the > datastream or the seperate xccdf and cpe files, adding the --oval-results > option kills the report generation. (the machine has 16GB of RAM btw). > > Also, should I move the discussion to the Red Hat GovSec list instead? > > - Chuck > > On Tue, Oct 6, 2015 at 12:40 PM, Chuck Atkins <[email protected]> > wrote: > >> I just did a fresh install of RHEL6, with minimal desktop configuration, >> applied all updates, and installed scap-security-guide, openscap, and >> scap-workbench from the system repos. First I created a tailoring file >> with SCAP Workbench to adjust the STIG server profile for desktop usage >> (allow X, remove various server packages, etc.). The scan worked fine but >> when generating the results and report, I get a bunch of memory allocation >> errors. When I tried to evaluate from the command line instead, using the >> tailoring file from scap-workbench, I get: >> >> [root@rhel6-stig-vm ~]# oscap xccdf eval \ >> --tailoring-file ssg-rhel6-kw-desktop-xccdf.xml \ >> --profile xccdf_kitware.com_profile_stig-rhel6-server-upstream_desktop \ >> --report ssg-report.html --results ssg-results.xml \ >> --check-engine-results --oval-results \ >> /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml >> >> ... >> all benchmark rules process >> ... >> >> XPath error : Memory allocation failed : growing nodeset hit limit >> >> growing nodeset hit limit >> >> ^ >> runtime error: file /usr/share/openscap/xsl/xccdf-report-oval-details.xsl >> line 39 element key >> Failed to evaluate the 'match' expression. >> >> (error repeated 4 times) >> >> The RPMs installed as reported by yum are: >> >> openscap-utils.x86_64 1.2.4-1.el6_6sat >> @rhel-6-workstation-satellite-tools-6.1-rpms >> scap-security-guide.noarch 0.1.21-3.el6 >> @rhel-6-workstation-rpms >> [root@rhel6-stig-vm ~]# >> >> Interestingly, I don't seem to get these memory errors when I run against >> the xccdf directly and not the combined datastream, but then I can't use >> the tailoring file I created. Any ideas on the memory errors? >> >> - Chuck >> > > > -- > SCAP Security Guide mailing list > [email protected] > https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide > https://github.com/OpenSCAP/scap-security-guide/ >
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
