Hi Gabe,

Thank you for your reply. I'm trying to use the 0.1.23 release, but having issues building the content. The error I get is:

Skipping datastream composition, use OpenSCAP 1.2.2 or later!
mkdir -p dist/content
cp output/ssg-fedora-xccdf.xml dist/content
cp output/ssg-fedora-oval.xml dist/content
cp output/ssg-fedora-ds.xml dist/content
cp: cannot stat `output/ssg-fedora-ds.xml': No such file or directory
make[1]: *** [dist] Error 1
make[1]: Leaving directory `/root/scap-security-guide-0.1.23/Fedora'
make: *** [fedora] Error 2

I suspect the missing "ssg-fedora-ds.xml" has something to do with the "Skipping datastream composition" message above?

I'm on CentOS6, and this is the version I got from the yum repos:

[root@openscap-testing scap-security-guide-0.1.23]# rpm -qa openscap\*
openscap-1.0.8-1.0.1.el6.centos.1.x86_64
openscap-content-1.0.8-1.0.1.el6.centos.1.noarch
openscap-utils-1.0.8-1.0.1.el6.centos.1.x86_64

So, is this a matter of not being compatible with the version of openscap I'm using? Or, is the make process supposed to handle older versions of openscap more gracefully?

Thanks,
-Bond


On 06/30/2015 03:54 PM, Gabe Alford wrote:
Hey Bond,

As of SCAP Security Guide release 0.1.23, CentOS content is now available (any older version will require tweaking). See the announcement here: https://lists.fedorahosted.org/pipermail/scap-security-guide/2015-June/006462.html

You can download and build the SSG content from https://github.com/OpenSCAP/scap-security-guide

When you run the XCCDF, you have to specify the CentOS XCCDF like below:

# oscap xccdf eval --profile stig-rhel6-server-upstream \
     --results /tmp/`hostname`-ssg-results.xml \
     --report /tmp/`hostname`-ssg-results.html \
     --cpe /usr/share/xml/scap/ssg/content/ssg-centos6-cpe-dictionary.xml \
     /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml

Please note that I believe that ssg-centos6-cpe-dictionary.xml is not being built with SSG. OpenSCAP is here: https://github.com/openscap/openscap and the announcement here: So I believe all that needs to be done is:

# oscap xccdf eval --profile stig-rhel6-server-upstream \
     --results /tmp/`hostname`-ssg-results.xml \
     --report /tmp/`hostname`-ssg-results.html \
     /usr/share/xml/scap/ssg/content/ssg-centos6-xccdf.xml

Thanks,

Gabe

On Tue, Jun 30, 2015 at 3:56 PM, Bond Masuda <bond.masuda@hexadiam.com> wrote:
Hello,

Is there a guide on how to use the RHEL SCAP content for CentOS? When I
try to use it, I get a lot of "Result: notapplicable". What needs to be
done?

I'm using it with OpenSCAP per the manual:

# oscap xccdf eval --profile stig-rhel6-server-upstream \
     --results /tmp/`hostname`-ssg-results.xml \
     --report /tmp/`hostname`-ssg-results.html \
     --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
     /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml

TIA,
-Bond
--
SCAP Security Guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
https://github.com/OpenSCAP/scap-security-guide/