On Wed, 19 Jun 2013 12:35:43 -0400
Maura Dailey <maura(a)eclipse.ncsc.mil> wrote:
On 06/19/2013 12:29 PM, Brian Millett wrote:
> Ok, how do I go about debugging this:
>
> [root@deckard scap]# ./testcheck.py
> dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL
> tempfile : /tmp/dir_perms_world_writable_sticky_bitshof67c.xml OpenSCAP
> Error: Unable to receive a message from probe [oval_probe_ext.c:583]
> [root@deckard scap]# ./testcheck.py
> dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL
> tempfile : /tmp/dir_perms_world_writable_sticky_bitsLT_H5A.xml OpenSCAP
> Error: Unable to receive a message from probe [oval_probe_ext.c:583]
> [root@deckard scap]# ./testcheck.py
> dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL
> tempfile : /tmp/dir_perms_world_writable_sticky_bits6eM3gu.xml OpenSCAP
> Error: Unable to receive a message from probe [oval_probe_ext.c:583]
> [root@deckard scap]# ./testcheck.py
> dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL
> tempfile : /tmp/dir_perms_world_writable_sticky_bitsIWHsj4.xml Definition
> oval:scap-security-guide.testing:def:100: false
>
>
> The dir_perms_world_writable_sticky_bits test on ONE rhel6 machine is
> failing, but sometimes it does not.
>
> When I run an evaluation with the stig-rhel policy, I get
>
> OpenSCAP Error: Unable to receive a message from probe
> [oval_probe_ext.c:584] No definition with ID: oval:ssg:def:509 in result
> model. [oval_agent.c:182]
>
Two quick checks:
- What version of openscap are you running? Is your ONE machine
running a different version?
- Does the output file in /tmp get created, and if so, does it have
any clues?
The only thing I can think of is that this box has an exported filesystem
that has many world writeable directories. Checking a tmp file that did
run, I see that
grep "<unix-sys:file_item
id" /tmp/dir_perms_world_writable_sticky_bitszzyosu.xml-results | wc -l
24510
Is there a buffer size issue?
Thanks.
--
Brian Millett
"Here you will see the heart and soul of Babylon 5...also its spleen, its
kidneys, a veritable parade of internal organs."
-- [ Londo (to Lennier), "The Quality of Mercy"]