[Open-scap] Open SCAP with RHEL5 USGCB content (UNCLASSIFIED)
Shaw, Ray V CTR (US)
ray.v.shaw.ctr at mail.mil
Tue Nov 27 18:17:48 UTC 2012
Classification: UNCLASSIFIED
Caveats: NONE
Not sure if anyone else is still exploring this (I see one thread from June
regarding this content), but I did a comparison of SPAWAR SCC and Open SCAP
0.9.2 scanning a RHEL5 system using the RHEL5 USGCB 1.0.5.0 XCCDF content.
I had to strip the platform information; attempting to specify the
dictionary with --cpe gave me an error with this content. I had to use
something slightly different, because they have a commented-out platform
line in the content, and the comment spans lines, and well...it gets messy
if I use the previous sed statement. But this works (and should hopefully
work for other things as well):

    perl -p -i -e 's/[^<!--]<platform.*[^-->]$//g' \
        /opt/scc/Resources/Content/USGCB-RHEL5-1.0.5.0/usgcb-rhel5desktop-xccdf.xml

I then scanned it using the following:

    oscap xccdf eval --profile "united_states_government_configuration_baseline" \
        --results `hostname`_desktop.xml --report `hostname`_desktop.html \
        /opt/scc/Resources/Content/USGCB-RHEL5-1.0.5.0/usgcb-rhel5desktop-xccdf.xml

YMMV; for me, the results were extremely close. The primary differences I
noticed were that all of the "Ensure <x> has its own partition" checks were
"not selected" by Open SCAP (SCC marked them as "failed", which is correct
for this particular test system):
CCE-14011-1
CCE-14161-4
CCE-14171-3
CCE-14559-9
CCE-14777-7
Also, "Ensure software is up to date" resulted in "notchecked" on Open SCAP
and "error" on SCC.
--
Ray Shaw
Contractor, STG
Unix support, Army Research Labs
Classification: UNCLASSIFIED
Caveats: NONE
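
The scanner comparison described in the message above can be automated. This is an added example, not part of the original message or of either tool; it assumes both scanners' results are available as XCCDF results documents, and the rule ids and sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 results parse alike."""
    return tag.rsplit("}", 1)[-1]

def rule_results(xml_text):
    """Map CCE id (or rule idref when no CCE ident exists) -> result string."""
    results = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "rule-result":
            continue
        key, result = el.get("idref"), None
        for child in el:
            text = (child.text or "").strip()
            if local(child.tag) == "result":
                result = text
            elif local(child.tag) == "ident" and text.startswith("CCE-"):
                key = text
        results[key] = result
    return results

def diff_results(a_xml, b_xml):
    """Return {key: (result_a, result_b)} for every rule the scanners disagree on."""
    a, b = rule_results(a_xml), rule_results(b_xml)
    return {k: (a.get(k, "missing"), b.get(k, "missing"))
            for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

# Constructed sample results; rule ids are hypothetical, result values follow
# the differences reported in the message.
_DOC = ('<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1"><TestResult id="t">'
        '<rule-result idref="rule_own_partition"><result>{0}</result>'
        '<ident system="http://cce.mitre.org">CCE-14011-1</ident></rule-result>'
        '<rule-result idref="rule_software_up_to_date"><result>{1}</result></rule-result>'
        '<rule-result idref="rule_both_agree"><result>pass</result></rule-result>'
        '</TestResult></Benchmark>')
SCC_SAMPLE = _DOC.format("fail", "error")
OSCAP_SAMPLE = _DOC.format("notselected", "notchecked")

if __name__ == "__main__":
    for key, (scc, oscap) in diff_results(SCC_SAMPLE, OSCAP_SAMPLE).items():
        print(f"{key}: SCC={scc} OpenSCAP={oscap}")
```

A "notselected" on one side and "fail" on the other points at profile selection or platform applicability rather than at the check logic, so those rows are the ones to review first.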