[Open-scap] XCCDF Evaluation on RHEL 6
Daniel Kopecek
dkopecek at redhat.com
Thu Apr 21 12:22:28 UTC 2011
On Wed, 20 Apr 2011 12:14:13 -0400
Patrick Lucas <patrick.lucas at gtri.gatech.edu> wrote:
> On 04/19/2011 05:28 PM, Steve Grubb wrote:
> > Which version of openscap are you using? Openscap in RHEL6 GA was
> missing some
> > functionality, but its being updated in 6.1.
>
> On 04/19/2011 08:07 PM, Daniel Kopecek wrote:
> > I've just tested the latest sources from git on RHEL 6.0 and I see
> > only pass/fail results, no unknown results. The library self-tests
> > are also ok.
>
> Aha - I had not recognized that the XCCDF tests found in the repo did
> not exist when the version of OpenSCAP included in RHEL 6.0 (0.6.0)
> was released.
>
> After building an updated RPM with the 0.7.2 sources and running the
> same tests, I got the expected results.
>
> Without building with --enable-debug, is there a way to get more
> information about tests returning 'unknown'? I notice the oscap tool
In some cases a unknown result is caused by the unknown_test in the
chain (which means that a definition isn't implemented yet or couldn't
be implemented using the available tests/objects).
> itself does not have a verbose mode, but is that information
> available anywhere else?
The tool is by default in verbose mode, so all you can see is all you
can get from stdout :] Usually it is possible to extract additional
information from the OVAL results (use the --oval-results option to
generate them in xccdf mode) but that requires understanding of the
OVAL language.
Dan K.
More information about the Open-scap-list
mailing list