
Running Openscap scans

Posted: 2019/10/26 23:31:57
by droidus
I am trying to run openscap scans. I tried the following:

Code:

sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
and

Code:

sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_ospp --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
But they all return with a status of "notapplicable".
How can I run these?

Re: Running Openscap scans

Posted: 2019/12/09 18:20:00
by teknohippie
I find myself facing this same issue.
Has anyone else encountered this or discovered a solution?

Re: Running Openscap scans

Posted: 2019/12/12 14:55:49
by FtEustis
I'm having the same issue, and would love to figure it out. So far I've learned it has something to do with CPE, and how OSCAP is looking for RHEL 7 while running the DISA content. Still searching.

Re: Running Openscap scans

Posted: 2020/03/30 06:36:00
by fassl
The nuclear option is to do the following:

Code:

sudo sed -i \
  -e 's|idref="cpe:/o:redhat:enterprise_linux|idref="cpe:/o:centos:centos|g' \
  -e 's|ref_id="cpe:/o:redhat:enterprise_linux|ref_id="cpe:/o:centos:centos|g' \
  /usr/share/xml/scap/ssg/content/ssg-rhel*.xml
It seems the tests are set explicitly for redhat:enterprise_linux, but I cannot be sure.

regards
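
A read-only way to see the mismatch discussed in this thread before editing any content, as an added example that is not part of the original posts and not OpenSCAP or SSG code: it lists the CPE platform idrefs an XCCDF benchmark declares and compares their vendor and product with the host's CPE_NAME from /etc/os-release. The XML fragment, the os-release text and all function names are constructed for illustration; oscap itself decides applicability by evaluating the content's CPE checks, so this only surfaces the declared identifiers.

```python
import xml.etree.ElementTree as ET

# Constructed sample: XCCDF fragment with the platform idrefs the sed command rewrites.
SAMPLE_XCCDF = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_demo">
  <platform idref="cpe:/o:redhat:enterprise_linux:7"/>
  <platform idref="cpe:/o:redhat:enterprise_linux:7::client"/>
  <Rule id="xccdf_example_rule_demo" selected="true">
    <platform idref="cpe:/a:machine"/>
  </Rule>
</Benchmark>"""

def declared_platforms(xml_text):
    """Return sorted unique CPE idrefs from every <platform> element."""
    root = ET.fromstring(xml_text)
    found = set()
    for elem in root.iter():
        local = elem.tag.rsplit("}", 1)[-1]  # strip the XML namespace
        idref = elem.get("idref", "")
        if local == "platform" and idref.startswith("cpe:"):
            found.add(idref)
    return sorted(found)

def vendor_product(cpe):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product:...) into (part, vendor, product)."""
    fields = cpe[len("cpe:/"):].split(":")
    fields += [""] * (3 - len(fields))
    return tuple(fields[:3])

def host_cpe(os_release_text):
    """Read CPE_NAME from the contents of /etc/os-release, or None if absent."""
    for line in os_release_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "CPE_NAME":
            return value.strip().strip('"')
    return None

def os_platform_mismatch(xml_text, os_release_text):
    """Return the declared OS platforms if none shares the host's vendor/product, else []."""
    host = host_cpe(os_release_text)
    os_platforms = [p for p in declared_platforms(xml_text) if vendor_product(p)[0] == "o"]
    if host and any(vendor_product(p) == vendor_product(host) for p in os_platforms):
        return []
    return os_platforms

# Constructed os-release content for a CentOS 7 host.
SAMPLE_OS_RELEASE = 'NAME="CentOS Linux"\nVERSION_ID="7"\nCPE_NAME="cpe:/o:centos:centos:7"\n'

if __name__ == "__main__":
    print(os_platform_mismatch(SAMPLE_XCCDF, SAMPLE_OS_RELEASE))
```

A non-empty result means the content declares only operating-system platforms that differ from the host's, which is the situation the posts above describe.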

Re: Running Openscap scans

Posted: 2020/03/30 12:57:31
by fassl
I just found this: https://github.com/ComplianceAsCode/content/releases

The releases contain CentOS XMLs, and when you get the source code you can build them yourself with:

Code:

./build_product --derivatives rhel?

Re: Running Openscap scans

Posted: 2020/04/14 20:00:12
by popsec
I'm encountering the exact same issue as droidus. I can execute the scan, but all results in the console and in the report are showing as not applicable. Has anyone found a solution to this? I just downloaded the security content this morning and the CPE dictionary for rhel8 includes CentOS as fassl mentioned, but still every finding is not applicable.