Ok, how do I go about debugging this:
[root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitshof67c.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsLT_H5A.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bits6eM3gu.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsIWHsj4.xml Definition oval:scap-security-guide.testing:def:100: false
The dir_perms_world_writable_sticky_bits test on ONE rhel6 machine is failing, but sometimes it does not.
When I run an evaluation with the stig-rhel policy, I get
OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:584] No definition with ID: oval:ssg:def:509 in result model. [oval_agent.c:182]
On 06/19/2013 12:29 PM, Brian Millett wrote:
Ok, how do I go about debugging this:
[root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitshof67c.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsLT_H5A.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bits6eM3gu.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsIWHsj4.xml Definition oval:scap-security-guide.testing:def:100: false
The dir_perms_world_writable_sticky_bits test on ONE rhel6 machine is failing, but sometimes it does not.
When I run an evaluation with the stig-rhel policy, I get
OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:584] No definition with ID: oval:ssg:def:509 in result model. [oval_agent.c:182]
Two quick checks: - What version of openscap are you running? Is your ONE machine running a different version? - Does the output file in /tmp get created, and if so, does it have any clues?
- Maura Dailey
On Wed, 19 Jun 2013 12:35:43 -0400 Maura Dailey maura@eclipse.ncsc.mil wrote:
On 06/19/2013 12:29 PM, Brian Millett wrote:
Ok, how do I go about debugging this:
[root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitshof67c.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsLT_H5A.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bits6eM3gu.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsIWHsj4.xml Definition oval:scap-security-guide.testing:def:100: false
The dir_perms_world_writable_sticky_bits test on ONE rhel6 machine is failing, but sometimes it does not.
When I run an evaluation with the stig-rhel policy, I get
OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:584] No definition with ID: oval:ssg:def:509 in result model. [oval_agent.c:182]
Two quick checks:
- What version of openscap are you running? Is your ONE machine
running a different version?
- Does the output file in /tmp get created, and if so, does it have
any clues?
- Maura Dailey
Thanks,
the tmp files do not show anything helpful
[root@deckard scap]# diff -wruN \ /tmp/dir_perms_world_writable_sticky_bits6eM3gu.xml \ /tmp/dir_perms_world_writable_sticky_bitsIWHsj4.xml
The same, so ??
[root@deckard scap]# oscap -V OSCAP util (oscap) 0.9.3 Copyright 2009-2012 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ==== XCCDF Version: 1.2 OVAL Version: 5.10.1 CPE Version: 2.3 CVSS Version: 2.0 CVE Version: 2.0 Asset Identification Version: 1.1 Asset Reporting Format Version: 1.1
==== Paths ==== Schema files: /usr/share/openscap/schemas Schematron files: /usr/share/openscap/xsl Default CPE files: /usr/share/openscap/cpe Probes: /usr/libexec/openscap
==== Inbuilt CPE names ==== Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5 Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6 Fedora 16 - cpe:/o:fedoraproject:fedora:16 Fedora 17 - cpe:/o:fedoraproject:fedora:17 Fedora 18 - cpe:/o:fedoraproject:fedora:18
==== Supported OVAL objects and associated OpenSCAP probes ==== system_info probe_system_info family probe_family filehash probe_filehash environmentvariable probe_environmentvariable textfilecontent54 probe_textfilecontent54 textfilecontent probe_textfilecontent variable probe_variable xmlfilecontent probe_xmlfilecontent environmentvariable58 probe_environmentvariable58 filehash58 probe_filehash58 inetlisteningservers probe_inetlisteningservers rpminfo probe_rpminfo partition probe_partition iflisteners probe_iflisteners rpmverify probe_rpmverify rpmverifyfile probe_rpmverifyfile rpmverifypackage probe_rpmverifypackage selinuxboolean probe_selinuxboolean selinuxsecuritycontext probe_selinuxsecuritycontext file probe_file interface probe_interface password probe_password process probe_process runlevel probe_runlevel shadow probe_shadow uname probe_uname xinetd probe_xinetd sysctl probe_sysctl process58 probe_process58 fileextendedattribute probe_fileextendedattribute gconf probe_gconf routingtable probe_routingtable
On Wed, 19 Jun 2013 12:35:43 -0400 Maura Dailey maura@eclipse.ncsc.mil wrote:
On 06/19/2013 12:29 PM, Brian Millett wrote:
Ok, how do I go about debugging this:
[root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitshof67c.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsLT_H5A.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bits6eM3gu.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsIWHsj4.xml Definition oval:scap-security-guide.testing:def:100: false
The dir_perms_world_writable_sticky_bits test on ONE rhel6 machine is failing, but sometimes it does not.
When I run an evaluation with the stig-rhel policy, I get
OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:584] No definition with ID: oval:ssg:def:509 in result model. [oval_agent.c:182]
Two quick checks:
- What version of openscap are you running? Is your ONE machine
running a different version?
- Does the output file in /tmp get created, and if so, does it have
any clues?
The only thing I can think of is that this box has an exported filesystem that has many world writeable directories. Checking a tmp file that did run, I see that
grep "<unix-sys:file_item id" /tmp/dir_perms_world_writable_sticky_bitszzyosu.xml-results | wc -l
24510
Is there a buffer size issue?
Thanks.
On 06/19/2013 01:36 PM, Brian Millett wrote:
On Wed, 19 Jun 2013 12:35:43 -0400 Maura Dailey maura@eclipse.ncsc.mil wrote:
On 06/19/2013 12:29 PM, Brian Millett wrote:
Ok, how do I go about debugging this:
[root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitshof67c.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsLT_H5A.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bits6eM3gu.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsIWHsj4.xml Definition oval:scap-security-guide.testing:def:100: false
The dir_perms_world_writable_sticky_bits test on ONE rhel6 machine is failing, but sometimes it does not.
When I run an evaluation with the stig-rhel policy, I get
OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:584] No definition with ID: oval:ssg:def:509 in result model. [oval_agent.c:182]
Two quick checks: - What version of openscap are you running? Is your ONE machine running a different version? - Does the output file in /tmp get created, and if so, does it have any clues?
The only thing I can think of is that this box has an exported filesystem that has many world writeable directories. Checking a tmp file that did run, I see that
grep "<unix-sys:file_item id" /tmp/dir_perms_world_writable_sticky_bitszzyosu.xml-results | wc -l
24510
Is there a buffer size issue?
Thanks.
I suppose it's possible. I don't find the code particularly easy to debug. In the OVAL check XML, you can enter a different top level directory to traverse. Look for unix:path and try changing the value. I'd recommend trying a sub directory that should be safe, then if it works, try your exported filesystem and see if it freaks out.
It might be time to post this over on the open scap list, too. (https://www.redhat.com/mailman/listinfo/open-scap-list)
- Maura Dailey
On 06/19/2013 06:29 PM, Brian Millett wrote:
Ok, how do I go about debugging this:
[root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitshof67c.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsLT_H5A.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bits6eM3gu.xml OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:583] [root@deckard scap]# ./testcheck.py dir_perms_world_writable_sticky_bits.xml Evaluating with OVAL tempfile : /tmp/dir_perms_world_writable_sticky_bitsIWHsj4.xml Definition oval:scap-security-guide.testing:def:100: false
The dir_perms_world_writable_sticky_bits test on ONE rhel6 machine is failing, but sometimes it does not.
When I run an evaluation with the stig-rhel policy, I get
OpenSCAP Error: Unable to receive a message from probe [oval_probe_ext.c:584] No definition with ID: oval:ssg:def:509 in result model. [oval_agent.c:182]
Hello Brian,
When this happens, we tend to rebuilt the package with debugging information and re-run. There are some notes for debugging at
http://www.open-scap.org/page/Debug
Basically, when the debug is on, each process of OpenSCAP creates its own file oscap_debug.log.<PID>. One of the files will be from the probe which is dying. There might be some clue in the file.
If you don't fell like debugging, and your issue is reproducible on another set-up, you can share your files with OpenSCAP mailing list.
Off course, the best option is to open a support ticket with your software provider.
Best regards,
scap-security-guide@lists.fedorahosted.org
-
Brian Millett -
Maura Dailey -
Šimon Lukašík