[Open-scap] XCCDF Evaluation on RHEL 6

Daniel Kopecek dkopecek at redhat.com
Thu Apr 21 12:22:28 UTC 2011


On Wed, 20 Apr 2011 12:14:13 -0400
Patrick Lucas <patrick.lucas at gtri.gatech.edu> wrote:

> On 04/19/2011 05:28 PM, Steve Grubb wrote:
>  > Which version of openscap are you using? Openscap in RHEL6 GA was 
> missing some
>  > functionality, but its being updated in 6.1.
> 
> On 04/19/2011 08:07 PM, Daniel Kopecek wrote:
> > I've just tested the latest sources from git on RHEL 6.0 and I see
> > only pass/fail results, no unknown results. The library self-tests
> > are also ok.
> 
> Aha - I had not recognized that the XCCDF tests found in the repo did 
> not exist when the version of OpenSCAP included in RHEL 6.0 (0.6.0)
> was released.
> 
> After building an updated RPM with the 0.7.2 sources and running the 
> same tests, I got the expected results.
> 
> Without building with --enable-debug, is there a way to get more 
> information about tests returning 'unknown'? I notice the oscap tool 

In some cases a unknown result is caused by the unknown_test in the
chain (which means that a definition isn't implemented yet or couldn't
be implemented using the available tests/objects).

> itself does not have a verbose mode, but is that information
> available anywhere else?

The tool is by default in verbose mode, so all you can see is all you
can get from stdout :] Usually it is possible to extract additional
information from the OVAL results (use the --oval-results option to
generate them in xccdf mode) but that requires understanding of the
OVAL language.

Dan K.




More information about the Open-scap-list mailing list