We ran a couple different RHEL profiles on CentOS 6.4 virtual machine and received "not applicable" for all results.
That's the first time I've seen nonapplicable and I'm trying understand what it means. (I know it means not applicable, but I want to make sure we don't have a configuration issue set incorrectly.)
Here's what we ran:
*oscap xccdf eval --profile DOD_baseline_1.0.0.1 --cpe dcb-rhel5_cpe-dictionary.xml --results result.xml --oval-results dcb-rhel5_xccdf.xml*
Sample below.
---------- Forwarded message ---------- From: Rodney Cobb rocobb@gitmachines.com Date: Thu, May 22, 2014 at 4:10 PM Subject: Scap Results To: Greg Elin gregelin@gitmachines.com
Greg,
Here is snippet of the results:
*Title Disable Samba if Possible*
*Rule dcb-rhel5-3.18.1.a*
*Ident CCE-4551-8*
*Result notapplicable*
*Title Require Client SMB Packet Signing, if using smbclient*
*Rule dcb-rhel5-3.18.2.10.a*
*Ident CCE-14075-6*
*Result notapplicable*
*Title Require Client SMB Packet Signing, if using mount.cifs*
*Rule dcb-rhel5-3.18.2.11.a*
*Ident CCE-15029-2*
*Result notapplicable*
*Title Disable Squid if Possible*
*Rule dcb-rhel5-3.19.1.a*
*Ident CCE-4556-7*
*Result notapplicable*
*Title Uninstall Squid if Possible*
*Rule dcb-rhel5-3.19.1.b*
*Ident CCE-4076-6*
*Result notapplicable*
Here is the command given in terminal that produced previous results:
*oscap xccdf eval --profile DOD_baseline_1.0.0.1 --cpe dcb-rhel5_cpe-dictionary.xml --results result.xml --oval-results dcb-rhel5_xccdf.xml*
Rodney
You need a modified cpe-oval. Simply change redhat-release to centos-release.
See the attached example, as pulled from the RHEL5 STIG.
Best regards,
Trey Henefield, CISSP Senior IAVA Engineer
Ultra Electronics Advanced Tactical Systems, Inc. 4101 Smith School Road Building IV, Suite 100 Austin, TX 78744 USA
Trey.Henefield@ultra-ats.com Tel: +1 512 327 6795 ext. 647 Fax: +1 512 327 8043 Mobile: +1 512 541 6450
www.ultra-ats.com
From: scap-security-guide-bounces@lists.fedorahosted.org [mailto:scap-security-guide-bounces@lists.fedorahosted.org] On Behalf Of Greg Elin Sent: Thursday, May 22, 2014 3:47 PM To: scap-security-guide@lists.fedorahosted.org Subject: "notapplicable" in scap results?
We ran a couple different RHEL profiles on CentOS 6.4 virtual machine and received "not applicable" for all results.
That's the first time I've seen nonapplicable and I'm trying understand what it means. (I know it means not applicable, but I want to make sure we don't have a configuration issue set incorrectly.)
Here's what we ran:
oscap xccdf eval --profile DOD_baseline_1.0.0.1 --cpe dcb-rhel5_cpe-dictionary.xml --results result.xml --oval-results dcb-rhel5_xccdf.xml
Sample below.
---------- Forwarded message ---------- From: Rodney Cobb <rocobb@gitmachines.commailto:rocobb@gitmachines.com> Date: Thu, May 22, 2014 at 4:10 PM Subject: Scap Results To: Greg Elin <gregelin@gitmachines.commailto:gregelin@gitmachines.com>
Greg,
Here is snippet of the results:
Title Disable Samba if Possible
Rule dcb-rhel5-3.18.1.a
Ident CCE-4551-8
Result notapplicable
Title Require Client SMB Packet Signing, if using smbclient
Rule dcb-rhel5-3.18.2.10.a
Ident CCE-14075-6
Result notapplicable
Title Require Client SMB Packet Signing, if using mount.cifs
Rule dcb-rhel5-3.18.2.11.a
Ident CCE-15029-2
Result notapplicable
Title Disable Squid if Possible
Rule dcb-rhel5-3.19.1.a
Ident CCE-4556-7
Result notapplicable
Title Uninstall Squid if Possible
Rule dcb-rhel5-3.19.1.b
Ident CCE-4076-6
Result notapplicable
Here is the command given in terminal that produced previous results:
oscap xccdf eval --profile DOD_baseline_1.0.0.1 --cpe dcb-rhel5_cpe-dictionary.xml --results result.xml --oval-results dcb-rhel5_xccdf.xml
Rodney
Disclaimer The information contained in this communication from trey.henefield@ultra-ats.com sent at 2014-05-22 17:12:33 is confidential and may be legally privileged. It is intended solely for use by scap-security-guide@lists.fedorahosted.org and others authorized to receive it. If you are not scap-security-guide@lists.fedorahosted.org you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful.
----- Original Message -----
From: "Trey Henefield" trey.henefield@ultra-ats.com To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org Sent: Thursday, May 22, 2014 11:12:25 PM Subject: RE: "notapplicable" in scap results?
You need a modified cpe-oval. Simply change redhat-release to centos-release.
See the attached example, as pulled from the RHEL5 STIG.
Hi, I will just reiterate that we are happy to accept patches! This would involve adding CentOS 5 and 6 to CPE and CPE OVAL files that come with openscap. See https://git.fedorahosted.org/cgit/openscap.git/tree/cpe
This would be a proper fix, much cleaner than the proposed hack.
----- Original Message -----
From: "Martin Preisler" mpreisle@redhat.com To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org Sent: Friday, May 23, 2014 1:07:06 PM Subject: Re: "notapplicable" in scap results?
----- Original Message -----
From: "Trey Henefield" trey.henefield@ultra-ats.com To: "SCAP Security Guide" scap-security-guide@lists.fedorahosted.org Sent: Thursday, May 22, 2014 11:12:25 PM Subject: RE: "notapplicable" in scap results?
You need a modified cpe-oval. Simply change redhat-release to centos-release.
See the attached example, as pulled from the RHEL5 STIG.
Hi, I will just reiterate that we are happy to accept patches! This would involve adding CentOS 5 and 6 to CPE and CPE OVAL files that come with openscap. See https://git.fedorahosted.org/cgit/openscap.git/tree/cpe
This would be a proper fix, much cleaner than the proposed hack.
Patches no longer needed. This was implemented a few moments ago, see https://git.fedorahosted.org/cgit/openscap.git/commit/?id=e09f29496081a0525c...
scap-security-guide@lists.fedorahosted.org
-
Greg Elin -
Martin Preisler -
Trey Henefield