[Open-scap] OpenSCAP and SSG testing

Jeffrey Blank blank at eclipse.ncsc.mil
Wed Sep 12 22:15:52 UTC 2012 

Hi Peter,

Thanks again for early RPM build of openscap.

For the OVAL schematron validation, oscap expects the schematron file in
a certain place, but the installers do not place it there:

[blank at rhel6test2 output]$ gdb oscap
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-56.el6)
Reading symbols from /usr/local/bin/oscap...done.
(gdb) run oval validate-xml --results --schematron
rhel6-oval-scap-security-guide.xml.result.xml

Starting program: /usr/local/bin/oscap oval validate-xml --results
--schematron rhel6-oval-scap-security-guide.xml.result.xml
[Thread debugging using libthread_db enabled]
OpenSCAP Error: XSLT file to be used by the transformation was not
found. [oscap.c:326]

Program exited with code 01.
(gdb) b oscap_apply_xslt_var
Breakpoint 1 at 0x7ffff7d13ebb: file oscap.c, line 310.
(gdb) run oval validate-xml --results --schematron
rhel6-oval-scap-security-guide.xml.result.xml
Starting program: /usr/local/bin/oscap oval validate-xml --results
--schematron rhel6-oval-scap-security-guide.xml.result.xml
[Thread debugging using libthread_db enabled]

Breakpoint 1, oscap_apply_xslt_var (xmlfile=0x7fffffffe6a8
"rhel6-oval-scap-security-guide.xml.result.xml",
    xsltfile=0x7ffff7dac608 "oval/5.10/oval-results-schematron.xsl",
outfile=0x0, params=0x7fffffffe130, pathvar=0x7ffff7dab747
"OSCAP_SCHEMA_PATH",
    defpath=0x7ffff7dab6c0 "/usr/local/share/openscap/schemas") at
oscap.c:310
310     {
(gdb)


It was easy to fix by copying oval-results-schematron.xsl from the
openscap source tree to /usr/local/share/openscap-schemas/oval/5.10.
Should the RPM (or make install) do this normally?


Thanks,
Jeff






On 08/29/2012 11:58 AM, Peter Vrabec wrote:
> Hi folks,
> 
> I'd like to encourage you to help OpenSCAP upstream with development.
> Installing the latests oscap tool and testing both SSG content and
> OpenSCAP together is beneficial.
> 
> You don't need to build it yourself. We provide packages for Fedora,
> RHEL and CentOS.
> 
> http://www.open-scap.org/page/Download
> 
> 
> My testing procedure:
> 
> --- VALIDATE INPUT ---
> $ oscap xccdf validate-xml
> ssg/RHEL6/output/rhel6-xccdf-scap-security-guide.xml
> $ oscap oval validate-xml --schematron
> ssg/RHEL6/output/rhel6-oval-scap-security-guide.xml
> 
> --- EVAL ---
> $ oscap xccdf eval --profile common --results ssg-xccdf-results.xml
> --oval-results ssg/RHEL6/output/rhel6-xccdf-scap-security-guide.xml
> 
> --- VALIDATE OUTPUT ---
> $ oscap xccdf validate-xml ssg-xccdf-results.xml
> $ oscap oval validate-xml --results --schematron
> rhel6-oval-scap-security-guide.xml.result.xml
> 
> 
> Regards,
> Peter.
> _______________________________________________
> scap-security-guide mailing list
> scap-security-guide at lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide

More information about the Open-scap-list mailing list