Using RHEL 5.11
Built openscap-1.1.1
xccdf.xml source from Downloaded "Red Hat 5 Manual STIG - Version 1, Release 8" from http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx
That contains the U_RedHat_5_V1R8_Manual-xccdf.xml file.
I just tried running it, and all results show "notapplicable"
Looking through the docs, it does seem to point out, and Google seems to also point out, that I need to be running on the right platform. It seems I am.
This is truly a Red Hat 5 workstation (or server), not CentOS.
My command looks like this: `oscap xccdf eval --profile MAC-1_Public --results result.xml U_RedHat_5_V1R8_Manual-xccdf.xml`
The zip file from iase website didn't contain a CPE file, so I assumed one was not needed? Though I have a feeling this is my problem.
NOTE that when I am running it I do see this message to stderr: `WARNING: Skipping ./oval.xml file which is referenced from XCCDF content`
Really hoping to get this working, this seems a great tool.
----- Original Message -----
From: "Grant Schoep" matobinder@gmail.com
To: scap-security-guide@lists.fedorahosted.org
Sent: Saturday, November 15, 2014 2:04:55 AM
Subject: First time running openscap, getting notapplicable
Using RHEL 5.11
Built openscap-1.1.1
Please send us `oscap --v`. I don't see any reason why it shouldn't include cpe:/o:redhat:enterprise_linux:5 but would like to know for sure.
xccdf.xml source from Downloaded "Red Hat 5 Manual STIG - Version 1, Release 8" from http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx
That contains the U_RedHat_5_V1R8_Manual-xccdf.xml file.
Just a note, this is not scap-security-guide, it's a different content from different authors. I will try to help regardless.
It's a manual check content. That probably means that the checks are described but not automated. They don't bundle any OVAL files as far as I can see, XCCDF alone won't do any checks.
From a cursory glance at the XCCDF file they use 2 check systems, one is OVAL
but they don't include the oval.xml file. The other is "C-36041r1_chk". I have no idea what that is. It uses a file that's also not included.
I just tried running it, and all results show "notapplicable"
Are you sure it's notapplicable? I would expect 'notchecked' in this case.
Looking through the docs, it does seem to point out, and Google seems to also point out, that I need to be running on the right platform. It seems I am.
This is truly a Red Hat 5 workstation (or server), not CentOS.
My command looks like this: `oscap xccdf eval --profile MAC-1_Public --results result.xml U_RedHat_5_V1R8_Manual-xccdf.xml`
The zip file from iase website didn't contain a CPE file, so I assumed one was not needed? Though I have a feeling this is my problem.
openscap supports several CPE platforms without any CPE files. RHEL5 is among them. So yes, CPE file shouldn't be necessary. See `oscap --v` for a list of inbuilt CPE platforms.
NOTE that when I am running it I do see this message to stderr: `WARNING: Skipping ./oval.xml file which is referenced from XCCDF content`
Yeah, that's openscap telling you that it can't find the checks.
Using RHEL 5.11
Built openscap-1.1.1
Please send us `oscap --v`. I don't see any reason why it shouldn't include cpe:/o:redhat:enterprise_linux:5 but would like to know for sure.
Here goes. I see it there.
OpenSCAP command line tool (oscap) 1.1.1
Copyright 2009--2014 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.10.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1

==== Capabilities added by auto-loaded plugins ====
No plugins have been auto-loaded...

==== Paths ====
Schema files: /home/gschoep/prod/Linux_x86_64/openscap-1.1.1/share/openscap/schemas
Default CPE files: /home/gschoep/prod/Linux_x86_64/openscap-1.1.1/share/openscap/cpe
Probes: /home/gschoep/prod/Linux_x86_64/openscap-1.1.1/libexec/openscap

==== Inbuilt CPE names ====
Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux
Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5
Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
Fedora 16 - cpe:/o:fedoraproject:fedora:16
Fedora 17 - cpe:/o:fedoraproject:fedora:17
Fedora 18 - cpe:/o:fedoraproject:fedora:18
Fedora 19 - cpe:/o:fedoraproject:fedora:19
Fedora 20 - cpe:/o:fedoraproject:fedora:20
Fedora 21 - cpe:/o:fedoraproject:fedora:21
Fedora 22 - cpe:/o:fedoraproject:fedora:22
Red Hat Enterprise Linux Optional Productivity Applications - cpe:/a:redhat:rhel_productivity
Red Hat Enterprise Linux Optional Productivity Applications 5 - cpe:/a:redhat:rhel_productivity:5

==== Supported OVAL objects and associated OpenSCAP probes ====
system_info probe_system_info
family probe_family
filehash probe_filehash
environmentvariable probe_environmentvariable
textfilecontent54 probe_textfilecontent54
textfilecontent probe_textfilecontent
variable probe_variable
xmlfilecontent probe_xmlfilecontent
environmentvariable58 probe_environmentvariable58
filehash58 probe_filehash58
inetlisteningservers probe_inetlisteningservers
partition probe_partition
iflisteners probe_iflisteners
selinuxboolean probe_selinuxboolean
selinuxsecuritycontext probe_selinuxsecuritycontext
systemdunitproperty probe_systemdunitproperty
systemdunitdependency probe_systemdunitdependency
file probe_file
interface probe_interface
password probe_password
process probe_process
runlevel probe_runlevel
shadow probe_shadow
uname probe_uname
xinetd probe_xinetd
sysctl probe_sysctl
process58 probe_process58
gconf probe_gconf
routingtable probe_routingtable
xccdf.xml source from Downloaded "Red Hat 5 Manual STIG - Version 1, Release 8" from http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx
That contains the U_RedHat_5_V1R8_Manual-xccdf.xml file.
Just a note, this is not scap-security-guide, it's a different content from different authors. I will try to help regardless.
It's a manual check content. That probably means that the checks are described but not automated. They don't bundle any OVAL files as far as I can see, XCCDF alone won't do any checks.
From a cursory glance at the XCCDF file they use 2 check systems, one is OVAL but they don't include the oval.xml file. The other is "C-36041r1_chk". I have no idea what that is. It uses a file that's also not included.
I just tried running it, and all results show "notapplicable"
Are you sure it's notapplicable? I would expect 'notchecked' in this case.
Yep. notapplicable. I tried removing the "Platform" lines, as suggested in one thread I saw, and it switched to notchecked.
Looking through the docs, it does seem to point out, and Google seems to also point out, that I need to be running on the right platform. It seems I am.
This is truly a Red Hat 5 workstation (or server), not CentOS.
My command looks like this: `oscap xccdf eval --profile MAC-1_Public --results result.xml U_RedHat_5_V1R8_Manual-xccdf.xml`
The zip file from iase website didn't contain a CPE file, so I assumed one was not needed? Though I have a feeling this is my problem.
openscap supports several CPE platforms without any CPE files. RHEL5 is among them. So yes, CPE file shouldn't be necessary. See `oscap --v` for a list of inbuilt CPE platforms.
NOTE that when I am running it I do see this message to stderr: `WARNING: Skipping ./oval.xml file which is referenced from XCCDF content`
Yeah, that's openscap telling you that it can't find the checks.
So I also tried on a RHEL6 machine. Seeing same thing.
Is there a "debug" mode or something I can run to see what openscap "thinks" is the OS? If it's not matching cpe:/o:redhat:enterprise_linux:5 (or 6) then maybe it's getting confused and getting some totally different value.
I guess I have the source code, I could try to look at something in there... suggestions on where to start would be good.
I did try running one of the xccdf files that it looks like you deliver built in. Same issue; I don't see the STDERR warning about ./oval.xml being skipped, but still get "notapplicable". Trying:
`oscap xccdf eval --profile RHEL6-Default --results hey2.xml ./share/openscap/scap-rhel6-xccdf.xml`
This was on my RHEL6 machine (note I am being "careful" to be using oscap from my 1.1.1 build, and not the one that comes in RPM from Red Hat themselves).
My guess is that oscap is thinking I am running something else. Not matching cpe:/o:redhat:enterprise_linux:6 (or 5).
Without mucking with the code (which I can), just wondering if there is a way to print out what oscap thinks is the machine. Or, if you can point me to a good place to put a printf, I could rebuild it.
----- Original Message -----
From: "Grant Schoep" matobinder@gmail.com
To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Sunday, November 16, 2014 4:38:30 PM
Subject: Re: First time running openscap, getting notapplicable
I did try running one of the xccdf files that it looks like you deliver built in. Same issue; I don't see the STDERR warning about ./oval.xml being skipped, but still get "notapplicable". Trying:
`oscap xccdf eval --profile RHEL6-Default --results hey2.xml ./share/openscap/scap-rhel6-xccdf.xml`
This was on my RHEL6 machine (note I am being "careful" to be using oscap from my 1.1.1 build, and not the one that comes in RPM from Red Hat themselves).
My guess is that oscap is thinking I am running something else. Not matching cpe:/o:redhat:enterprise_linux:6 (or 5).
Without mucking with the code (which I can), just wondering if there is a way to print out what oscap thinks is the machine. Or, if you can point me to a good place to put a printf, I could rebuild it.
Try `oscap oval eval --results /tmp/x.xml /usr/share/openscap/cpe/openscap-cpe-oval.xml`. And paste the x.xml file somewhere. It seems to me that you are getting false for all of the OVAL definitions.
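The results file that command writes can be read mechanically. The following is an added example, not code from this thread or from OpenSCAP: it parses an OVAL results document and lists, for each CPE platform definition, the criteria that did not evaluate to `true`. The embedded XML is a constructed two-definition sample, the function names are hypothetical, and it assumes a platform counts as applicable only when its definition result is `true`.

```python
import xml.etree.ElementTree as ET

RES = "http://oval.mitre.org/XMLSchema/oval-results-5"
DEF = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"r": RES, "d": DEF}

# Constructed sample: laid out like an OVAL results file, cut down to two
# platform definitions, with the family test true and the release test unknown.
SAMPLE_RESULTS = """\
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <definitions>
      <definition id="oval:org.open-scap.cpe.rhel:def:6" version="1" class="inventory">
        <metadata>
          <title>Red Hat Enterprise Linux 6</title>
          <reference source="CPE" ref_id="cpe:/o:redhat:enterprise_linux:6"/>
        </metadata>
        <criteria>
          <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1"
                     comment="Installed operating system is part of the unix family"/>
          <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:6"
                     comment="Red Hat Enterprise Linux 6 is installed"/>
        </criteria>
      </definition>
      <definition id="oval:org.open-scap.cpe.rhel:def:5" version="1" class="inventory">
        <metadata>
          <title>Red Hat Enterprise Linux 5</title>
          <reference source="CPE" ref_id="cpe:/o:redhat:enterprise_linux:5"/>
        </metadata>
        <criteria>
          <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1"
                     comment="Installed operating system is part of the unix family"/>
          <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:5"
                     comment="Red Hat Enterprise Linux 5 is installed"/>
        </criteria>
      </definition>
    </definitions>
  </oval_definitions>
  <results>
    <system>
      <definitions>
        <definition definition_id="oval:org.open-scap.cpe.rhel:def:6" result="unknown" version="1">
          <criteria operator="AND" result="unknown">
            <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/>
            <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:6" version="1" result="unknown"/>
          </criteria>
        </definition>
        <definition definition_id="oval:org.open-scap.cpe.rhel:def:5" result="unknown" version="1">
          <criteria operator="AND" result="unknown">
            <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/>
            <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:5" version="1" result="unknown"/>
          </criteria>
        </definition>
      </definitions>
    </system>
  </results>
</oval_results>
"""


def cpe_catalog(root):
    """Map definition id -> (CPE name, {test_ref: comment}) from the embedded definitions."""
    catalog = {}
    for d in root.iterfind("d:oval_definitions/d:definitions/d:definition", NS):
        ref = d.find("d:metadata/d:reference[@source='CPE']", NS)
        comments = {c.get("test_ref"): c.get("comment")
                    for c in d.iter("{%s}criterion" % DEF)}
        catalog[d.get("id")] = (ref.get("ref_id") if ref is not None else None, comments)
    return catalog


def platform_report(xml_text):
    """Return one entry per evaluated definition, with the criteria that are not 'true'."""
    root = ET.fromstring(xml_text)
    catalog = cpe_catalog(root)
    report = []
    for d in root.iterfind("r:results/r:system/r:definitions/r:definition", NS):
        def_id = d.get("definition_id")
        cpe, comments = catalog.get(def_id, (None, {}))
        blocking = [(c.get("test_ref"), c.get("result"), comments.get(c.get("test_ref")))
                    for c in d.iter("{%s}criterion" % RES)
                    if c.get("result") != "true"]
        report.append({"id": def_id, "cpe": cpe,
                       "result": d.get("result"), "blocking": blocking})
    return report


def applicable_cpes(report):
    """CPE names whose inventory definition evaluated to 'true' (assumed applicability rule)."""
    return [e["cpe"] for e in report if e["result"] == "true"]


if __name__ == "__main__":
    rep = platform_report(SAMPLE_RESULTS)
    for entry in rep:
        print(entry["cpe"], "->", entry["result"])
        for test_ref, result, comment in entry["blocking"]:
            print("   ", result, test_ref, "(%s)" % comment)
    print("applicable platforms:", applicable_cpes(rep) or "none")
```

To use it on a real run, pass the text of the file written by `--results` to `platform_report` instead of the sample.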
On Sun, Nov 16, 2014 at 8:48 AM, Martin Preisler mpreisle@redhat.com wrote:
----- Original Message -----
From: "Grant Schoep" matobinder@gmail.com
To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Sunday, November 16, 2014 4:38:30 PM
Subject: Re: First time running openscap, getting notapplicable
I did try running one of the xccdf files that it looks like you deliver built in. Same issue; I don't see the STDERR warning about ./oval.xml being skipped, but still get "notapplicable". Trying:
`oscap xccdf eval --profile RHEL6-Default --results hey2.xml ./share/openscap/scap-rhel6-xccdf.xml`
This was on my RHEL6 machine (note I am being "careful" to be using oscap from my 1.1.1 build, and not the one that comes in RPM from Red Hat themselves).
My guess is that oscap is thinking I am running something else. Not matching cpe:/o:redhat:enterprise_linux:6 (or 5).
Without mucking with the code (which I can), just wondering if there is a way to print out what oscap thinks is the machine. Or, if you can point me to a good place to put a printf, I could rebuild it.
Try `oscap oval eval --results /tmp/x.xml /usr/share/openscap/cpe/openscap-cpe-oval.xml`. And paste the x.xml file somewhere. It seems to me that you are getting false for all of the OVAL definitions.
Here goes, when running that command, I get the following to stdout
Definition oval:org.open-scap.cpe.rhel:def:7: unknown
Definition oval:org.open-scap.cpe.rhel:def:6: unknown
Definition oval:org.open-scap.cpe.rhel:def:5: unknown
Definition oval:org.open-scap.cpe.rhel:def:1007: unknown
Definition oval:org.open-scap.cpe.rhel:def:1006: unknown
Definition oval:org.open-scap.cpe.rhel:def:1005: unknown
Definition oval:org.open-scap.cpe.rhel:def:1: unknown
Definition oval:org.open-scap.cpe.fedora:def:22: unknown
Definition oval:org.open-scap.cpe.fedora:def:21: unknown
Definition oval:org.open-scap.cpe.fedora:def:20: unknown
Definition oval:org.open-scap.cpe.fedora:def:19: unknown
Definition oval:org.open-scap.cpe.fedora:def:18: unknown
Definition oval:org.open-scap.cpe.fedora:def:17: unknown
Definition oval:org.open-scap.cpe.fedora:def:16: unknown
And the contents of the results file.:
<?xml version="1.0" encoding="UTF-8"?> <oval_results xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns=" http://oval.mitre.org/XMLSchema/oval-results-5" xsi:schemaLocation=" http://oval.mitre.org/XMLSchema/oval-results-5 oval-results-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd"> <generator> oval:product_namecpe:/a:open-scap:oscap</oval:product_name> oval:schema_version5.10.1</oval:schema_version> oval:timestamp2014-11-16T17:38:20</oval:timestamp> </generator> <directives> <definition_true reported="true" content="full"/> <definition_false reported="true" content="full"/> <definition_unknown reported="true" content="full"/> <definition_error reported="true" content="full"/> <definition_not_evaluated reported="true" content="full"/> <definition_not_applicable reported="true" content="full"/> </directives> <oval_definitions xmlns:oval=" http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance" xmlns:unix-def=" http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:ind-def=" http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd"> <generator> oval:product_namevim</oval:product_name> oval:schema_version5.10.1</oval:schema_version> oval:timestamp2012-11-22T15:00:00+01:00</oval:timestamp> </generator> <definitions> <definition 
id="oval:org.open-scap.cpe.rhel:def:7" version="1" class="inventory"> <metadata> <title>Red Hat Enterprise Linux 7</title> <affected family="unix"> <platform>Red Hat Enterprise Linux 7</platform> </affected> <reference source="CPE" ref_id="cpe:/o:redhat:enterprise_linux:7"/> <description>The operating system installed on the system is Red Hat Enterprise Linux 7</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:7" comment="Red Hat Enterprise Linux 7 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.rhel:def:6" version="1" class="inventory"> <metadata> <title>Red Hat Enterprise Linux 6</title> <affected family="unix"> <platform>Red Hat Enterprise Linux 6</platform> </affected> <reference source="CPE" ref_id="cpe:/o:redhat:enterprise_linux:6"/> <description>The operating system installed on the system is Red Hat Enterprise Linux 6</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:6" comment="Red Hat Enterprise Linux 6 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.rhel:def:5" version="1" class="inventory"> <metadata> <title>Red Hat Enterprise Linux 5</title> <affected family="unix"> <platform>Red Hat Enterprise Linux 5</platform> </affected> <reference source="CPE" ref_id="cpe:/o:redhat:enterprise_linux:5"/> <description>The operating system installed on the system is Red Hat Enterprise Linux 5</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:5" comment="Red Hat Enterprise Linux 5 is installed"/> </criteria> </definition> 
<definition id="oval:org.open-scap.cpe.rhel:def:1007" version="1" class="inventory"> <metadata> <title>Community Enterprise Operating System 7</title> <affected family="unix"> <platform>Community Enterprise Operating System 7</platform> </affected> <reference source="CPE" ref_id="cpe:/o:centos:centos:7"/> <description>The operating system installed on the system is Community Enterprise Operating System 7</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1007" comment="Community Enterprise Operating System 7 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.rhel:def:1006" version="1" class="inventory"> <metadata> <title>Community Enterprise Operating System 6</title> <affected family="unix"> <platform>Community Enterprise Operating System 6</platform> </affected> <reference source="CPE" ref_id="cpe:/o:centos:centos:6"/> <description>The operating system installed on the system is Community Enterprise Operating System 6</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1006" comment="Community Enterprise Operating System 6 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.rhel:def:1005" version="1" class="inventory"> <metadata> <title>Community Enterprise Operating System 5</title> <affected family="unix"> <platform>Community Enterprise Operating System 5</platform> </affected> <reference source="CPE" ref_id="cpe:/o:centos:centos:5"/> <description>The operating system installed on the system is Community Enterprise Operating System 5</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix 
family"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1005" comment="Community Enterprise Operating System 5 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.rhel:def:1" version="1" class="inventory"> <metadata> <title>Red Hat Enterprise Linux</title> <affected family="unix"> <platform>Red Hat Enterprise Linux</platform> </affected> <reference source="CPE" ref_id="cpe:/o:redhat:enterprise_linux"/> <description>The operating system installed on the system is Red Hat Enterprise Linux</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:2" comment="Red Hat Enterprise Linux is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.fedora:def:22" version="1" class="inventory"> <metadata> <title>Fedora 22</title> <affected family="unix"> <platform>Fedora 22</platform> </affected> <reference source="CPE" ref_id="cpe:/o:fedoraproject:fedora:22"/> <description>The operating system installed on the system is Fedora 22</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:22" comment="Fedora 22 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.fedora:def:21" version="1" class="inventory"> <metadata> <title>Fedora 21</title> <affected family="unix"> <platform>Fedora 21</platform> </affected> <reference source="CPE" ref_id="cpe:/o:fedoraproject:fedora:21"/> <description>The operating system installed on the system is Fedora 21</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:21" comment="Fedora 21 is 
installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.fedora:def:20" version="1" class="inventory"> <metadata> <title>Fedora 20</title> <affected family="unix"> <platform>Fedora 20</platform> </affected> <reference source="CPE" ref_id="cpe:/o:fedoraproject:fedora:20"/> <description>The operating system installed on the system is Fedora 20</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:20" comment="Fedora 20 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.fedora:def:19" version="1" class="inventory"> <metadata> <title>Fedora 19</title> <affected family="unix"> <platform>Fedora 19</platform> </affected> <reference source="CPE" ref_id="cpe:/o:fedoraproject:fedora:19"/> <description>The operating system installed on the system is Fedora 19</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:19" comment="Fedora 19 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.fedora:def:18" version="1" class="inventory"> <metadata> <title>Fedora 18</title> <affected family="unix"> <platform>Fedora 18</platform> </affected> <reference source="CPE" ref_id="cpe:/o:fedoraproject:fedora:18"/> <description>The operating system installed on the system is Fedora 18</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:18" comment="Fedora 18 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.fedora:def:17" version="1" class="inventory"> <metadata> <title>Fedora 17</title> <affected family="unix"> 
<platform>Fedora 17</platform> </affected> <reference source="CPE" ref_id="cpe:/o:fedoraproject:fedora:17"/> <description>The operating system installed on the system is Fedora 17</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:17" comment="Fedora 17 is installed"/> </criteria> </definition> <definition id="oval:org.open-scap.cpe.fedora:def:16" version="1" class="inventory"> <metadata> <title>Fedora 16</title> <affected family="unix"> <platform>Fedora 16</platform> </affected> <reference source="CPE" ref_id="cpe:/o:fedoraproject:fedora:16"/> <description>The operating system installed on the system is Fedora 16</description> </metadata> <criteria> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" comment="Installed operating system is part of the unix family"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:16" comment="Fedora 16 is installed"/> </criteria> </definition> </definitions> <tests> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.rhel:tst:7" version="1" check="at least one" comment="redhat-release is version 7"> lin-def:object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/ <lin-def:state state_ref="oval:org.open-scap.cpe.rhel:ste:7"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.rhel:tst:6" version="1" check="at least one" comment="redhat-release is version 6"> lin-def:object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/ <lin-def:state state_ref="oval:org.open-scap.cpe.rhel:ste:6"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.rhel:tst:5" version="1" check="at least one" comment="redhat-release is version 5"> lin-def:object object_ref="oval:org.open-scap.cpe.redhat-release:obj:1"/ <lin-def:state state_ref="oval:org.open-scap.cpe.rhel:ste:5"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test 
id="oval:org.open-scap.cpe.rhel:tst:2" version="1" check="at least one" comment="/etc/redhat-release is provided by redhat-release package"> lin-def:object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/ <lin-def:state state_ref="oval:org.open-scap.cpe.rhel:ste:2"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.rhel:tst:1007" version="1" check="at least one" comment="centos-release is version 7"> lin-def:object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/ <lin-def:state state_ref="oval:org.open-scap.cpe.rhel:ste:1007"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.rhel:tst:1006" version="1" check="at least one" comment="centos-release is version 6"> lin-def:object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/ <lin-def:state state_ref="oval:org.open-scap.cpe.rhel:ste:1006"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.rhel:tst:1005" version="1" check="at least one" comment="centos-release is version 5"> lin-def:object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/ <lin-def:state state_ref="oval:org.open-scap.cpe.rhel:ste:1005"/> </lin-def:rpminfo_test> <ind-def:family_test id="oval:org.open-scap.cpe.rhel:tst:1" version="1" check="only one" comment="installed operating system is part of the Unix family"> <ind-def:object object_ref="oval:org.open-scap.cpe.unix:obj:1"/> <ind-def:state state_ref="oval:org.open-scap.cpe.unix:ste:1"/> </ind-def:family_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.fedora:tst:22" version="1" check="at least one" comment="fedora-release is version Fedora 22"> lin-def:object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/ <lin-def:state state_ref="oval:org.open-scap.cpe.fedora:ste:22"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.fedora:tst:21" version="1" check="at least one" comment="fedora-release is version Fedora 21"> lin-def:object 
object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/ <lin-def:state state_ref="oval:org.open-scap.cpe.fedora:ste:21"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.fedora:tst:20" version="1" check="at least one" comment="fedora-release is version Fedora 20"> lin-def:object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/ <lin-def:state state_ref="oval:org.open-scap.cpe.fedora:ste:20"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.fedora:tst:19" version="1" check="at least one" comment="fedora-release is version Fedora 19"> lin-def:object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/ <lin-def:state state_ref="oval:org.open-scap.cpe.fedora:ste:19"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.fedora:tst:18" version="1" check="at least one" comment="fedora-release is version Fedora 18"> lin-def:object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/ <lin-def:state state_ref="oval:org.open-scap.cpe.fedora:ste:18"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.fedora:tst:17" version="1" check="at least one" comment="fedora-release is version Fedora 17"> lin-def:object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/ <lin-def:state state_ref="oval:org.open-scap.cpe.fedora:ste:17"/> </lin-def:rpminfo_test> <lin-def:rpminfo_test id="oval:org.open-scap.cpe.fedora:tst:16" version="1" check="at least one" comment="fedora-release is version Fedora 16"> lin-def:object object_ref="oval:org.open-scap.cpe.fedora-release:obj:2"/ <lin-def:state state_ref="oval:org.open-scap.cpe.fedora:ste:16"/> </lin-def:rpminfo_test> </tests> <objects> <ind-def:family_object id="oval:org.open-scap.cpe.unix:obj:1" version="1"/> <lin-def:rpmverifyfile_object id="oval:org.open-scap.cpe.redhat-release:obj:3" version="1"> <lin-def:behaviors nolinkto="true" nomd5="true" nosize="true" nouser="true" nogroup="true" nomtime="true" nomode="true" 
nordev="true" noconfigfiles="true" noghostfiles="true"/> <lin-def:name operation="pattern match"></lin-def:name> <lin-def:epoch operation="pattern match"></lin-def:epoch> <lin-def:version operation="pattern match"></lin-def:version> <lin-def:release operation="pattern match"></lin-def:release> <lin-def:arch operation="pattern match"></lin-def:arch> lin-def:filepath/etc/redhat-release</lin-def:filepath> </lin-def:rpmverifyfile_object> <lin-def:rpminfo_object id="oval:org.open-scap.cpe.redhat-release:obj:1" version="1"> lin-def:nameredhat-release</lin-def:name> </lin-def:rpminfo_object> <lin-def:rpminfo_object id="oval:org.open-scap.cpe.fedora-release:obj:2" version="1"> lin-def:namefedora-release</lin-def:name> </lin-def:rpminfo_object> </objects> <states> <ind-def:family_state id="oval:org.open-scap.cpe.unix:ste:1" version="1"> ind-def:familyunix</ind-def:family> </ind-def:family_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.rhel:ste:7" version="1"> <lin-def:name operation="pattern match">^redhat-release</lin-def:name> <lin-def:version operation="pattern match">^7[^\d]</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.rhel:ste:6" version="1"> <lin-def:name operation="pattern match">^redhat-release</lin-def:name> <lin-def:version operation="pattern match">^6[^\d]</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.rhel:ste:5" version="1"> <lin-def:version operation="pattern match">^5[^\d]</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.rhel:ste:2" version="1"> <lin-def:name operation="pattern match">^redhat-release</lin-def:name> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.rhel:ste:1007" version="1"> <lin-def:name operation="pattern match">^centos-release</lin-def:name> <lin-def:version operation="pattern match">^7</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state 
id="oval:org.open-scap.cpe.rhel:ste:1006" version="1"> <lin-def:name operation="pattern match">^centos-release</lin-def:name> <lin-def:version operation="pattern match">^6</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.rhel:ste:1005" version="1"> <lin-def:name operation="pattern match">^centos-release</lin-def:name> <lin-def:version operation="pattern match">^5</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:22" version="1"> <lin-def:version operation="pattern match">^22$</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:21" version="1"> <lin-def:version operation="pattern match">^21$</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:20" version="1"> <lin-def:version operation="pattern match">^20$</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:19" version="1"> <lin-def:version operation="pattern match">^19$</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:18" version="1"> <lin-def:version operation="pattern match">^18$</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:17" version="1"> <lin-def:version operation="pattern match">^17$</lin-def:version> </lin-def:rpminfo_state> <lin-def:rpminfo_state id="oval:org.open-scap.cpe.fedora:ste:16" version="1"> <lin-def:version operation="pattern match">^16$</lin-def:version> </lin-def:rpminfo_state> </states> </oval_definitions> <results> <system> <definitions> <definition definition_id="oval:org.open-scap.cpe.rhel:def:7" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:7" version="1" 
result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.rhel:def:6" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:6" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.rhel:def:5" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:5" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.rhel:def:1007" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1007" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.rhel:def:1006" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1006" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.rhel:def:1005" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1005" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.rhel:def:1" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:2" 
version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.fedora:def:22" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:22" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.fedora:def:21" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:21" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.fedora:def:20" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:20" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.fedora:def:19" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:19" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.fedora:def:18" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:18" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.fedora:def:17" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion 
test_ref="oval:org.open-scap.cpe.fedora:tst:17" version="1" result="unknown"/> </criteria> </definition> <definition definition_id="oval:org.open-scap.cpe.fedora:def:16" result="unknown" version="1"> <criteria operator="AND" result="unknown"> <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/> <criterion test_ref="oval:org.open-scap.cpe.fedora:tst:16" version="1" result="unknown"/> </criteria> </definition> </definitions> <tests> <test test_id="oval:org.open-scap.cpe.fedora:tst:16" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.fedora:tst:17" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.fedora:tst:18" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.fedora:tst:19" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.fedora:tst:20" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.fedora:tst:21" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.fedora:tst:22" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.rhel:tst:1" version="1" check="only one" result="true"> <tested_item item_id="1284881" result="true"/> </test> <test test_id="oval:org.open-scap.cpe.rhel:tst:1005" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.rhel:tst:1006" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.rhel:tst:1007" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.rhel:tst:2" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.rhel:tst:5" version="1" check="at least one" result="unknown"/> <test test_id="oval:org.open-scap.cpe.rhel:tst:6" version="1" check="at least one" result="unknown"/> <test 
test_id="oval:org.open-scap.cpe.rhel:tst:7" version="1" check="at least one" result="unknown"/> </tests> <oval_system_characteristics xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:unix-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix" xmlns:ind-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent" xmlns:lin-sys="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#linux" xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5" xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5 oval-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#independent independent-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#unix unix-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-system-characteristics-5#linux linux-system-characteristics-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd"> <generator> <oval:product_name>cpe:/a:open-scap:oscap</oval:product_name> <oval:schema_version>5.10.1</oval:schema_version> <oval:timestamp>2014-11-16T17:38:20</oval:timestamp> </generator> <system_info> <os_name>Linux</os_name> <os_version>#1 SMP Tue Aug 12 06:26:17 EDT 2014</os_version> <architecture>x86_64</architecture> <primary_host_name>beaver</primary_host_name> <interfaces> <interface> <interface_name>lo</interface_name> <ip_address>127.0.0.1</ip_address> <mac_address>00:00:00:00:00:00</mac_address> </interface> <interface> <interface_name>eth0</interface_name> <ip_address>10.1.24.31</ip_address> <mac_address>18:03:73:2D:F5:21</mac_address> </interface> </interfaces> </system_info> <collected_objects> <object id="oval:org.open-scap.cpe.fedora-release:obj:2" version="1" flag="not collected"> <message level="warning">OVAL object not supported</message> </object> <object 
id="oval:org.open-scap.cpe.redhat-release:obj:1" version="1" flag="not collected"> <message level="warning">OVAL object not supported</message> </object> <object id="oval:org.open-scap.cpe.redhat-release:obj:3" version="1" flag="not collected"> <message level="warning">OVAL object not supported</message> </object> <object id="oval:org.open-scap.cpe.unix:obj:1" version="1" flag="complete"> <reference item_ref="1284881"/> </object> </collected_objects> <system_data> <ind-sys:family_item id="1284881" status="exists"> <ind-sys:family>unix</ind-sys:family> </ind-sys:family_item> </system_data> </oval_system_characteristics> </system> </results> </oval_results>
----- Original Message -----
From: "Grant Schoep" matobinder@gmail.com
To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org
Sent: Sunday, November 16, 2014 6:48:09 PM
Subject: Re: First time running openscap, getting notapplicable
On Sun, Nov 16, 2014 at 8:48 AM, Martin Preisler mpreisle@redhat.com wrote:
[snip]
<collected_objects>
  <object id="oval:org.open-scap.cpe.fedora-release:obj:2" version="1" flag="not collected">
    <message level="warning">OVAL object not supported</message>
  </object>
  <object id="oval:org.open-scap.cpe.redhat-release:obj:1" version="1" flag="not collected">
    <message level="warning">OVAL object not supported</message>
  </object>
  <object id="oval:org.open-scap.cpe.redhat-release:obj:3" version="1" flag="not collected">
    <message level="warning">OVAL object not supported</message>
  </object>
...
You built openscap without RPM support. I should have noticed from `oscap --v` but I missed it. The rpm probe is used to determine CPE platform applicability.
You need rpm-devel if I recall correctly and then rebuild openscap.
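The diagnosis above can be read mechanically out of an OVAL results file: follow each `unknown` criterion to its test, then to the object that test needs, and check whether the scanner collected it. The following Python is an added example, not part of the original thread or of openscap; the embedded sample is constructed, and the link from `tst:5` to `redhat-release:obj:1` is an assumption because that part of the dump is not shown here.

```python
import xml.etree.ElementTree as ET

# Constructed sample (ids modelled on the thread's dump; tst:5 -> obj:1 link is assumed).
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
  xmlns:lin-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"><tests>
 <lin-def:rpminfo_test id="oval:org.open-scap.cpe.rhel:tst:5" version="1" check="at least one">
  <lin-def:object object_ref="oval:org.open-scap.cpe.redhat-release:obj:1"/>
 </lin-def:rpminfo_test>
</tests></oval_definitions>
<results><system><definitions>
 <definition definition_id="oval:org.open-scap.cpe.rhel:def:5" result="unknown" version="1">
  <criteria operator="AND" result="unknown">
   <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:1" version="1" result="true"/>
   <criterion test_ref="oval:org.open-scap.cpe.rhel:tst:5" version="1" result="unknown"/>
  </criteria></definition></definitions>
<oval_system_characteristics xmlns="http://oval.mitre.org/XMLSchema/oval-system-characteristics-5">
 <collected_objects>
  <object id="oval:org.open-scap.cpe.redhat-release:obj:1" version="1" flag="not collected">
   <message level="warning">OVAL object not supported</message>
  </object></collected_objects>
</oval_system_characteristics></system></results></oval_results>"""

def local(tag):
    # ElementTree names tags "{namespace}name"; keep only the name.
    return tag.rsplit("}", 1)[-1]

def explain_unknown(xml_text):
    """Return (definition, test, object, message) per unknown criterion whose object was not collected."""
    root = ET.fromstring(xml_text)
    test_obj, uncollected = {}, {}
    for el in root.iter():
        name = local(el.tag)
        if name.endswith("_test"):  # definitions section: test id -> object_ref
            for child in el:
                if local(child.tag) == "object":
                    test_obj[el.get("id")] = child.get("object_ref")
        elif name == "object" and el.get("flag") == "not collected":
            uncollected[el.get("id")] = " ".join((m.text or "").strip() for m in el)
    findings = []
    for d in root.iter():
        if local(d.tag) == "definition" and d.get("result") == "unknown":
            for c in d.iter():
                if local(c.tag) == "criterion" and c.get("result") == "unknown":
                    obj = test_obj.get(c.get("test_ref"))
                    if obj in uncollected:
                        findings.append((d.get("definition_id"), c.get("test_ref"), obj, uncollected[obj]))
    return findings
```

A non-empty result whose message is "OVAL object not supported" means the platform check could not run at all, which is a scanner build problem rather than a content or host mismatch.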
On Sun, Nov 16, 2014 at 11:10 AM, Martin Preisler mpreisle@redhat.com wrote:
You built openscap without RPM support. I should have noticed from `oscap --v` but I missed it. The rpm probe is used to determine CPE platform applicability.
You need rpm-devel if I recall correctly and then rebuild openscap.
Awesome, that did it, installing rpm-devel got me working. I now get results from the provided scap-rhel6-xccdf.xml file. Nice to see green pass and red fails!
Now I get the "notchecked" as you had expected from the DISA file from
Downloaded "Red Hat 5 Manual STIG - Version 1, Release 8" from http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx
Well, got me going so far.