Hello Dhanushka,
first of, I added scap-security-guide list, as that will make more sense
for this kind of questions. open-scap-list is mostly about scanner
issues (and in 99% cases, problem is in content, not in the scanner).
Regarding the problem itself, it would be great if you took a look at
the sources for the oval, maybe you'll be able to find the issue
yourself. As you are on the platform.
To find the source for the issue, I have checked the ID of the rule is
rule_apt_sources_official. So calling this in cloned git repo:
`find . | grep apt_sources_list`
will tell you where are the sources:
./linux_os/guide/services/apt/apt_sources_list_official/oval/shared.xml
is the source for check.
There is no complexity, there just regexes, so if you find an issue,
pull request with the fix would be awesome, but explanation what is the
bug will also do.
Thanks!
Marek
On 09/07/2018 07:38 AM, Dhanushka Parakrama wrote:
Hi Team
In Debian 8 */etc/apt/sources.list *file include below repositories
deb
http://ftp.us.debian.org/debian/ jessie main
deb-src
http://ftp.us.debian.org/debian/ jessie main
deb
http://security.debian.org/ jessie/updates main
deb-src
http://security.debian.org/ jessie/updates main
but still *oscap xccdf eval --profile
xccdf_org.ssgproject.content_profile_anssi_np_nt28_high --report
report.html ssg-debian8-ds.xml * Scan says
image.png
*Ensure that official distribution repositories are used * -> *FAIL*
Is there any reason for that ?
Thank You
Dhanushka
_______________________________________________
Open-scap-list mailing list
Open-scap-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list