On 11/1/12 12:42 PM, Shawn Wells wrote:
On 11/1/12 12:34 PM, Steve Grubb wrote:
> On Thursday, November 01, 2012 05:31:00 PM Peter Vrabec wrote:
>> >why do you consider this an openscap bug? I suppose it's a bug in the
>> >content. The profile you want to evaluate references a non-existent
>> >rule.
> Well, the original poster was using 0.8 and I know bugs have been fixed since
> then. So, in troubleshooting the issue, it's a simple step to just update to
> the latest and see if it's still there or it's fixed. They said it's still there,
> so it's time to look deeper at the content.
>
> Maybe git bisect is helpful if it is known to have worked sometime in the
> past.
There's a two part problem. Yes, some errors are caused by the bugs in
RHEL6 openscap (v0.8?). Specifically:
> 1 1871 In file 'xccdf-results.xml' on line 15992: Element '{http://checklists.nist.gov/xccdf/1.1}ident': This element is not expected.
> Expected is ( {http://checklists.nist.gov/xccdf/1.1}result ).
> 1 1871 In file 'xccdf-results.xml' on line 15995: Element '{http://checklists.nist.gov/xccdf/1.1}ident': This element is not expected.
> Expected is ( {http://checklists.nist.gov/xccdf/1.1}result ).
With that said, there are errors in the XCCDF content itself. Patches
coming soon.
Just sent out a few patches which clear up the errors; however, the
rules now all state "notapplicable"
....continuing to investigate. Thoughts/patches welcome!
$ oscap xccdf eval --profile stig-server RHEL6/output/ssg-rhel6-xccdf.xml

Title Verify No netrc Files Exist
Rule no_netrc_files
Ident CCE-TODO
Result notapplicable

Title Create Warning Banners for All FTP Users
Rule ftp_present_banner
Ident CCE-4554-2
Result notapplicable
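
Added example, not part of the original thread and not openscap or SSG code: a content-side check for the condition raised above, a profile that references a rule that does not exist. It assumes XCCDF 1.1 content; the embedded benchmark is constructed sample data, and the ids `rule_that_was_renamed` and `missing_value` are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.1"}

# Constructed sample benchmark, not the real SSG content.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <Profile id="stig-server">
    <select idref="no_netrc_files" selected="true"/>
    <select idref="ftp_present_banner" selected="true"/>
    <select idref="rule_that_was_renamed" selected="true"/>
    <refine-value idref="missing_value" selector="strict"/>
  </Profile>
  <Value id="banner_text"/>
  <Group id="services">
    <Rule id="no_netrc_files" selected="false"/>
    <Group id="ftp">
      <Rule id="ftp_present_banner" selected="false"/>
    </Group>
  </Group>
</Benchmark>"""

def _ids(root, tags):
    """Collect id and cluster-id attributes of the given XCCDF elements."""
    found = set()
    for tag in tags:
        for elem in root.iterfind(f".//x:{tag}", NS):
            found.update(v for v in (elem.get("id"), elem.get("cluster-id")) if v)
    return found

def dangling_refs(root):
    """Map profile id -> [(selector element, idref)] for unresolved references."""
    selectable = _ids(root, ("Rule", "Group"))   # targets of select / refine-rule
    values = _ids(root, ("Value",))              # targets of set-value / refine-value
    targets = {"select": selectable, "refine-rule": selectable,
               "set-value": values, "refine-value": values}
    report = {}
    for profile in root.iterfind(".//x:Profile", NS):
        for child in profile:
            tag = child.tag.split("}")[-1]       # strip the namespace prefix
            if tag in targets and child.get("idref") not in targets[tag]:
                report.setdefault(profile.get("id"), []).append((tag, child.get("idref")))
    return report

if __name__ == "__main__":
    for profile, refs in dangling_refs(ET.fromstring(SAMPLE)).items():
        for tag, ref in refs:
            print(f"profile {profile}: <{tag}> references unknown id {ref!r}")
```

To check real content, pass `ET.parse(path).getroot()` for the benchmark file instead of the sample string.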