July 2016 - scap-security-guide - Fedora Mailing-Lists

Auditing Security Vulnerabilities of Centos Products

by phil.barone＠gmail.com

I am researching ways to Audit Security Vulnerabilities on Centos using the practical example here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/... It shows the use of openscap with com.redhat.rhsa-all.xml and com.redhat.rhsa-all.xccdf.xml. I have configured a Centos 6.5 system with openscap and scanner 1.2.8. The scans run, without any noticeable errors, but it is saying that all tests are passing. Is this a suitable way to scan for vulnerabilities against installed products on Centos as well as redhat systems? Kind of new to this, is there another OVAL file I should be using or is there some messaging I need to do to the com.redhat.rhsa-all.xccdf.xml? Here is an example of one that is passing: RHSA-2016:0675: java-1.7.0-openjdk security update

7 years, 9 months

2
1
0 / 0

Re: investigating "notapplicable"

by Radzykewycz, T (Radzy)

________________________________________ > Date: Mon, 11 Jul 2016 13:06:35 -0600 > From: Gabe Alford <redhatrises(a)gmail.com> > Subject: Re: investigating "notapplicable" > To: SCAP Security Guide <scap-security-guide(a)lists.fedorahosted.org> > > Hello Radzy, > > > I'm trying to figure out how to go about investigating why "notapplicable" > > is returned. Mostly, I'm working with a new directory for WR Linux. > > Are you saying that all checks return "notapplicable" when you run a scan? > Or are you saying that you created a custom OVAL and the OVAL itself is > returning "notapplicable"? Hi Gabe When I tested the four commented-out rules on Fedora, there were a mix of notapplicable, pass, and fail. On WRLinux, all checks return "notapplicable". I wonder whether this might have been caused by a change I didn't make in OpenSCAP and should have. But I haven't been able to figure out where the current CPE is determined. But I expect the "how do I" question to be relevant when I get a mix of responses, too. I did create a custom OVAL, but as far as I can tell, it was never checked. Enjoy! -- radzy > Thanks, > > Gabe > > On Mon, Jul 11, 2016 at 12:15 PM, <radzy(a)windriver.com> wrote: > > > Hi folks > > > > I'm trying to figure out how to go about investigating why "notapplicable" > > is returned. Mostly, I'm working with a new directory for WR Linux. > > > > However, I also see that for Fedora, there are four rules that are > > commented out with a comment: > > > > The following rules currently returns 'notapplicable' on Fedora > > container > > Investigate why, fix the issues, and re-enable back once fixed > > > > The specific rules that are commented out are: > > > > accounts_password_all_shadowed > > root_path_no_dot > > mount_option_dev_shm_nodev > > mount_option_dev_shm_nosuid > > > > When I tried to reproduce this, I find that accounts_password_all_shadowed > > passes on a vanilla Fedora 23 installation. Maybe it's different on a > > container-based install than on an install on a plain old laptop. > > > > root_path_no_dot appears to be malformed, with various pieces missing. > > > > The other two don't show up in my output results at all. Not sure why. > > They do appear to be present in the DS file, and I haven't yet found any > > reason to consider them malformed. > > > > But my general question is about the procedure to go about this > > investigation. Is there a document that gives hints about the > > best way to do this ? I've looked for one, but haven't found it. > > What I've done so far is largely manual, and it has been somewhat > > awkward getting the results. (Mostly, I've tried to investigate > > WR Linux, but the Fedora issues seemed like a good thing to use > > for more experience.) > > > > Any help would be appreciated. > > > > Enjoy! > > > > -- radzy > > -- > > SCAP Security Guide mailing list > > scap-security-guide(a)lists.fedorahosted.org > > > > https://lists.fedorahosted.org/admin/lists/scap-security-guide@lists.fedo... > > https://github.com/OpenSCAP/scap-security-guide/

7 years, 9 months

2
1
0 / 0

Why there is a need of a manual STIG and a benchmark STIG?

by Chun Tat David Chu

Hi all, Why there is a need of a manual STIG and a benchmark STIG? Both STIGs are in SCAP XCDDF format. Can't both be combined? http://iase.disa.mil/stigs/os/unix-linux/Pages/red-hat.aspx Thanks, David

7 years, 9 months

2
1
0 / 0

investigating "notapplicable"

by Radzykewycz, T (Radzy)

Hi folks I'm trying to figure out how to go about investigating why "notapplicable" is returned. Mostly, I'm working with a new directory for WR Linux. However, I also see that for Fedora, there are four rules that are commented out with a comment: The following rules currently returns 'notapplicable' on Fedora container Investigate why, fix the issues, and re-enable back once fixed The specific rules that are commented out are: accounts_password_all_shadowed root_path_no_dot mount_option_dev_shm_nodev mount_option_dev_shm_nosuid When I tried to reproduce this, I find that accounts_password_all_shadowed passes on a vanilla Fedora 23 installation. Maybe it's different on a container-based install than on an install on a plain old laptop. root_path_no_dot appears to be malformed, with various pieces missing. The other two don't show up in my output results at all. Not sure why. They do appear to be present in the DS file, and I haven't yet found any reason to consider them malformed. But my general question is about the procedure to go about this investigation. Is there a document that gives hints about the best way to do this ? I've looked for one, but haven't found it. What I've done so far is largely manual, and it has been somewhat awkward getting the results. (Mostly, I've tried to investigate WR Linux, but the Fedora issues seemed like a good thing to use for more experience.) Any help would be appreciated. Enjoy! -- radzy

7 years, 9 months

3
2
0 / 0

Question about scap-security-guide 0.1.28 and Centos 6.5

by phil.barone＠gmail.com

Linux somehost.net 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux openscap-1.2.8-2.el6.centos.x86_64 openscap-scanner-1.2.8-2.el6.centos.x86_64 scap-security-guide-0.1.28-2.el6.noarch This box is not accessible to the internet. I am getting this warning below and am not sure if I should be concerned. Is there some other level of reporting that I am missing because of this? Is there a fix i can perform to identify this file locally? [root@tvm01 openscap]# oscap xccdf eval --profile server --report report1.html --results results1.xml --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml >ttt1 WARNING: Skipping http://www.redhat.com/security/data/oval/Red_Hat_Enterprise_Linux_6.xml file which is referenced from XCCDF content

7 years, 9 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

scap-security-guide July 2016