Thanks Jan! Please see inline response below...

On 07/04/2015 04:32 AM, Jan Lieskovsky wrote:
> Hello Bond,
>
> thank you for your report.
>
> ----- Original Message -----
>
> I can reproduce that issue, when issuing just 'plain' "make" in the
> scap-security-guide-0.1.23 folder. The issue is Fedora content by
> default requires OVAL-5.11 language version already, and the version
> of the openscap RPM you are trying to build Fedora content against
> (openscap-1.0.8-1.0.1.el6.centos.1.x86_64) does not support OVAL-5.11
> language version yet.
>
> We will correct this problem in an official way in the upcoming 0.1.24
> upstream release (should be available for download during next week).
>
> For now please use the following workaround (in the scap-security-guide-0.1.23
> directory after expanding the tarball), issue the following command:
>
> # make SSG_VERSION_IS_GIT_SNAPSHOT=no rpm
>
> This will correctly produce working RPM that can be subsequently used
> on RHEL-6 / CentOS6 system.

Yes, I was able to build the RPM, however not able to run with oscap.
More below...

>> As of SCAP Security Guide release 0.1.23, CentOS content is now available
>> (any older version will require tweaking). See the announcement here:
>> https://lists.fedorahosted.org/pipermail/scap-security-guide/2015-June/006462.html
>>
>> You can download and build the SSG content from
>> https://github.com/OpenSCAP/scap-security-guide
>>
>> When you run the XCCDF, you have to specify the CentOS XCCDF like below:
>>
>> # oscap xccdf eval --profile stig-rhel6-server-upstream \
>> --results /tmp/`hostname`-ssg-results.xml \
>> --report /tmp/`hostname`-ssg-results.html \
>> --cpe /usr/share/xml/scap/ssg/content/ssg-centos6-cpe-dictionary.xml \
>> /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml
>>
>> Please note that I believe that ssg-centos6-cpe-dictionary.xml is not being
>> built with SSG. OpenSCAP is here: https://github.com/openscap/openscap and
>> the announcement here: So I believe all that needs to be done is:
>>
>> # oscap xccdf eval --profile stig-rhel6-server-upstream \
>> --results /tmp/`hostname`-ssg-results.xml \
>> --report /tmp/`hostname`-ssg-results.html \
>> /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml
>>

Trying to run the last command above without specifying CPE results in
all tests being "notapplicable". And I confirmed there is no
cpe-dictionary.xml being built for CentOS6.

What am I missing?

-Bond
--
SCAP Security Guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/
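
Added example, not part of the original thread and not code from the SCAP Security Guide or OpenSCAP projects: a small Python check for the symptom reported above, run over the file written by `--results`. It tallies the rule results, flags the case where every selected rule came back "notapplicable", and lists the platform CPE names found in the file. The embedded sample, its rule ids and its CPE name are constructed, and it is an assumption that the results file carries the benchmark's `platform` elements.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the XCCDF 1.1 namespace; not output from a real scan.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="constructed-benchmark">
  <platform idref="cpe:/o:example:constructed_os:6"/>
  <TestResult id="constructed-result">
    <rule-result idref="constructed_rule_a"><result>notapplicable</result></rule-result>
    <rule-result idref="constructed_rule_b"><result>notapplicable</result></rule-result>
    <rule-result idref="constructed_rule_c"><result>notselected</result></rule-result>
  </TestResult>
</Benchmark>"""


def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 files are handled alike."""
    return tag.rsplit("}", 1)[-1]


def summarize(xml_data):
    """Tally rule results and collect platform idrefs from an XCCDF results document."""
    root = ET.fromstring(xml_data)
    counts = Counter()
    platforms = set()
    for el in root.iter():
        name = local(el.tag)
        if name == "rule-result":
            # Each rule-result carries one <result> child with the verdict.
            verdict = next((c.text.strip() for c in el
                            if local(c.tag) == "result" and c.text), "unknown")
            counts[verdict] += 1
        elif name == "platform" and el.get("idref"):
            platforms.add(el.get("idref"))
    # Rules left out of the profile are reported as "notselected"; ignore them.
    evaluated = sum(n for verdict, n in counts.items() if verdict != "notselected")
    return {
        "counts": dict(counts),
        "platforms": sorted(platforms),
        "all_notapplicable": evaluated > 0 and counts["notapplicable"] == evaluated,
    }


if __name__ == "__main__":
    # Pass the path given to --results, or run with no argument to use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(summarize(data))
```

When `all_notapplicable` is true, the listed platform names are the ones to compare against the CPE dictionary passed with `--cpe`.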