These all look good to me -- please push.
On 08/30/2013 12:08 PM, Shawn Wells wrote:
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
Shawn,
Downloaded the latest benchmarks zip from your buildroot site and have loaded/run them in SCAP 3.1 (as well as 3.1.1.RC6) and they do not seem to complete.
They get to a point where the following is displayed, but they don't actually seem to complete:
LOCALHOST.LOCALDOMAIN: Getting detail for package: 1655 of 1655 LOCALHOST.LOCALDOMAIN: Finish getting package details LOCALHOST.LOCALDOMAIN: for object: oval:ssg:obj:1991
Is this a known issue?
Thoughts?
v/r David Moessbauer (410) 627-5633 (M)
The Information contained in or attached to this communication may be confidential and privileged proprietary intended only for the individual/s or entity to whom/which it is addressed. Any unauthorized use, distribution, copying or disclosure of this information is strictly prohibited. If you have received this communication in error please contact the sender immediately and delete from your system.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Shawn Wells Sent: Friday, August 30, 2013 1:20 PM To: scap-security-guide@lists.fedorahosted.org Subject: Re: [PATCH 0/4] OVAL template testing
On 8/30/13 1:09 PM, Jeffrey Blank wrote:
These all look good to me -- please push.
Pushed
I just did a fresh git clone and tried myself and also got errors.
After dropping in to the RHEl6 directory the 'make' had 3 warnings about 'Duplicate ID, which will not be added: var_accounts_user_umask'. When I zipped up the final ssg* products and dropping this into SCC 3.1GA and ran ./cscc I got the following:
RH64-64: Loading ssg-rhel6-xccdf.xml [ERROR] Profile 'rht-ccp' is an abstract profile. Target System RH64-64 Selected Profile: rht-ccp Stream Name: ssg-rhel6- Stream Version: 0.9 Stream Date 2013-08-30
Total Errors: 1 ...
Hope everyone enjoys the long weekend....
-Rob
________________________________________ From: scap-security-guide-bounces@lists.fedorahosted.org [scap-security-guide-bounces@lists.fedorahosted.org] on behalf of Moessbauer, David [david.moessbauer@progeny.net] Sent: Friday, August 30, 2013 1:54 PM To: scap-security-guide@lists.fedorahosted.org Subject: Aug29 Benchmarks
Shawn,
Downloaded the latest benchmarks zip from your buildroot site and have loaded/run them in SCAP 3.1 (as well as 3.1.1.RC6) and they do not seem to complete.
They get to a point where the following is displayed, but they don't actually seem to complete:
LOCALHOST.LOCALDOMAIN: Getting detail for package: 1655 of 1655 LOCALHOST.LOCALDOMAIN: Finish getting package details LOCALHOST.LOCALDOMAIN: for object: oval:ssg:obj:1991
Is this a known issue?
Thoughts?
v/r
David Moessbauer (410) 627-5633 (M)
The Information contained in or attached to this communication may be confidential and privileged proprietary intended only for the individual/s or entity to whom/which it is addressed. Any unauthorized use, distribution, copying or disclosure of this information is strictly prohibited. If you have received this communication in error please contact the sender immediately and delete from your system.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Shawn Wells Sent: Friday, August 30, 2013 1:20 PM To: scap-security-guide@lists.fedorahosted.org Subject: Re: [PATCH 0/4] OVAL template testing
On 8/30/13 1:09 PM, Jeffrey Blank wrote:
These all look good to me -- please push.
Pushed
-- Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
_______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
Although the check-combining script is a 76-line python script, confusion about the "Duplicate ID" messages (which are notifications, not errors) seems to persist so I have yet again adjusted the output text. A more elegant solution would be to verify the elements' equivalence, but I was so disappointed that lxml did not have a method to do so I did not code it up.
I can't help you with the SCC error, however.
On Fri, Aug 30, 2013 at 2:20 PM, Robert Sanders rsanders@trustedcs.com wrote:
I just did a fresh git clone and tried myself and also got errors.
After dropping in to the RHEl6 directory the 'make' had 3 warnings about 'Duplicate ID, which will not be added: var_accounts_user_umask'. When I zipped up the final ssg* products and dropping this into SCC 3.1GA and ran ./cscc I got the following:
RH64-64: Loading ssg-rhel6-xccdf.xml [ERROR] Profile 'rht-ccp' is an abstract profile. Target System RH64-64 Selected Profile: rht-ccp Stream Name: ssg-rhel6- Stream Version: 0.9 Stream Date 2013-08-30
Total Errors: 1 ...
Hope everyone enjoys the long weekend....
-Rob
From: scap-security-guide-bounces@lists.fedorahosted.org [scap-security-guide-bounces@lists.fedorahosted.org] on behalf of Moessbauer, David [david.moessbauer@progeny.net] Sent: Friday, August 30, 2013 1:54 PM To: scap-security-guide@lists.fedorahosted.org Subject: Aug29 Benchmarks
Shawn,
Downloaded the latest benchmarks zip from your buildroot site and have loaded/run them in SCAP 3.1 (as well as 3.1.1.RC6) and they do not seem to complete.
They get to a point where the following is displayed, but they don't actually seem to complete:
LOCALHOST.LOCALDOMAIN: Getting detail for package: 1655 of 1655 LOCALHOST.LOCALDOMAIN: Finish getting package details LOCALHOST.LOCALDOMAIN: for object: oval:ssg:obj:1991
Is this a known issue?
Thoughts?
v/r
David Moessbauer (410) 627-5633 (M)
The Information contained in or attached to this communication may be confidential and privileged proprietary intended only for the individual/s or entity to whom/which it is addressed. Any unauthorized use, distribution, copying or disclosure of this information is strictly prohibited. If you have received this communication in error please contact the sender immediately and delete from your system.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Shawn Wells Sent: Friday, August 30, 2013 1:20 PM To: scap-security-guide@lists.fedorahosted.org Subject: Re: [PATCH 0/4] OVAL template testing
On 8/30/13 1:09 PM, Jeffrey Blank wrote:
These all look good to me -- please push.
Pushed
-- Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
I had the same problem. I ran it and it got stuck at roughly the same point. After about 20 hours I killed it. I deselected the "rpm_verify_permissions" rule in the XCCDF and ran it again without any problems. I reported it to SPAWAR but they could not recreate the problem.
Jim
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Moessbauer, David Sent: Friday, August 30, 2013 1:55 PM To: scap-security-guide@lists.fedorahosted.org Subject: Aug29 Benchmarks
Shawn,
Downloaded the latest benchmarks zip from your buildroot site and have loaded/run them in SCAP 3.1 (as well as 3.1.1.RC6) and they do not seem to complete.
They get to a point where the following is displayed, but they don't actually seem to complete:
LOCALHOST.LOCALDOMAIN: Getting detail for package: 1655 of 1655 LOCALHOST.LOCALDOMAIN: Finish getting package details LOCALHOST.LOCALDOMAIN: for object: oval:ssg:obj:1991
Is this a known issue?
Thoughts?
v/r
David Moessbauer (410) 627-5633 (M)
The Information contained in or attached to this communication may be confidential and privileged proprietary intended only for the individual/s or entity to whom/which it is addressed. Any unauthorized use, distribution, copying or disclosure of this information is strictly prohibited. If you have received this communication in error please contact the sender immediately and delete from your system.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Shawn Wells Sent: Friday, August 30, 2013 1:20 PM To: scap-security-guide@lists.fedorahosted.org Subject: Re: [PATCH 0/4] OVAL template testing
On 8/30/13 1:09 PM, Jeffrey Blank wrote:
These all look good to me -- please push.
Pushed
-- Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
_______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
Thanks, that has allowed the scan to complete.
Regarding results, can someone please advise what the delta is btwn 'Not Completed' and 'Not Selected'? I show 21 NC and 166 NS...
v/r David Moessbauer (410) 627-5633 (M)
The Information contained in or attached to this communication may be confidential and privileged proprietary intended only for the individual/s or entity to whom/which it is addressed. Any unauthorized use, distribution, copying or disclosure of this information is strictly prohibited. If you have received this communication in error please contact the sender immediately and delete from your system.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Ronayne, James K. Sent: Tuesday, September 03, 2013 7:18 AM To: 'scap-security-guide@lists.fedorahosted.org' Subject: (nwl) RE: Aug29 Benchmarks
I had the same problem. I ran it and it got stuck at roughly the same point. After about 20 hours I killed it. I deselected the "rpm_verify_permissions" rule in the XCCDF and ran it again without any problems. I reported it to SPAWAR but they could not recreate the problem.
Jim
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Moessbauer, David Sent: Friday, August 30, 2013 1:55 PM To: scap-security-guide@lists.fedorahosted.org Subject: Aug29 Benchmarks
Shawn,
Downloaded the latest benchmarks zip from your buildroot site and have loaded/run them in SCAP 3.1 (as well as 3.1.1.RC6) and they do not seem to complete.
They get to a point where the following is displayed, but they don't actually seem to complete:
LOCALHOST.LOCALDOMAIN: Getting detail for package: 1655 of 1655 LOCALHOST.LOCALDOMAIN: Finish getting package details LOCALHOST.LOCALDOMAIN: for object: oval:ssg:obj:1991
Is this a known issue?
Thoughts?
v/r
David Moessbauer (410) 627-5633 (M)
The Information contained in or attached to this communication may be confidential and privileged proprietary intended only for the individual/s or entity to whom/which it is addressed. Any unauthorized use, distribution, copying or disclosure of this information is strictly prohibited. If you have received this communication in error please contact the sender immediately and delete from your system.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Shawn Wells Sent: Friday, August 30, 2013 1:20 PM To: scap-security-guide@lists.fedorahosted.org Subject: Re: [PATCH 0/4] OVAL template testing
On 8/30/13 1:09 PM, Jeffrey Blank wrote:
These all look good to me -- please push.
Pushed
-- Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
_______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
Do you mean Notchecked? "Not completed" is not a valid XCCDF results value. "Not selected" means the rules were not turned on for the profile you ran. When I ran the content I also got three "Unknown" results. I haven't gone back to figure out why. "Not checked" means the rule was selected but the tool was unable to run the checks. This will happen if the content uses a check system the tool does not support. Was this content that still included the "OCIL-transitional" check system? If so, those rules could not be checked. If you run the OCIL content in SCC you will have the opportunity to complete those checks. I had 21 not checked rule results when I ran the OCIL-transitional content.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Moessbauer, David Sent: Tuesday, September 03, 2013 9:45 AM To: scap-security-guide@lists.fedorahosted.org Subject: RE: Aug29 Benchmarks
Thanks, that has allowed the scan to complete.
Regarding results, can someone please advise what the delta is btwn 'Not Completed' and 'Not Selected'? I show 21 NC and 166 NS...
v/r
David Moessbauer (410) 627-5633 (M)
The Information contained in or attached to this communication may be confidential and privileged proprietary intended only for the individual/s or entity to whom/which it is addressed. Any unauthorized use, distribution, copying or disclosure of this information is strictly prohibited. If you have received this communication in error please contact the sender immediately and delete from your system.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Ronayne, James K. Sent: Tuesday, September 03, 2013 7:18 AM To: 'scap-security-guide@lists.fedorahosted.org' Subject: (nwl) RE: Aug29 Benchmarks
I had the same problem. I ran it and it got stuck at roughly the same point. After about 20 hours I killed it. I deselected the "rpm_verify_permissions" rule in the XCCDF and ran it again without any problems. I reported it to SPAWAR but they could not recreate the problem.
Jim
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Moessbauer, David Sent: Friday, August 30, 2013 1:55 PM To: scap-security-guide@lists.fedorahosted.org Subject: Aug29 Benchmarks
Shawn,
Downloaded the latest benchmarks zip from your buildroot site and have loaded/run them in SCAP 3.1 (as well as 3.1.1.RC6) and they do not seem to complete.
They get to a point where the following is displayed, but they don't actually seem to complete:
LOCALHOST.LOCALDOMAIN: Getting detail for package: 1655 of 1655 LOCALHOST.LOCALDOMAIN: Finish getting package details LOCALHOST.LOCALDOMAIN: for object: oval:ssg:obj:1991
Is this a known issue?
Thoughts?
v/r
David Moessbauer (410) 627-5633 (M)
The Information contained in or attached to this communication may be confidential and privileged proprietary intended only for the individual/s or entity to whom/which it is addressed. Any unauthorized use, distribution, copying or disclosure of this information is strictly prohibited. If you have received this communication in error please contact the sender immediately and delete from your system.
-----Original Message----- From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Shawn Wells Sent: Friday, August 30, 2013 1:20 PM To: scap-security-guide@lists.fedorahosted.org Subject: Re: [PATCH 0/4] OVAL template testing
On 8/30/13 1:09 PM, Jeffrey Blank wrote:
These all look good to me -- please push.
Pushed
-- Shawn Wells Director, Innovation Programs shawn@redhat.com | 443.534.0130 @shawndwells
_______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide _______________________________________________ scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
scap-security-guide@lists.fedorahosted.org
-
Jeffrey Blank -
Moessbauer, David -
Robert Sanders -
Ronayne, James K. -
Shawn Wells -
Shawn Wells