[Open-scap] OpenSCAP Error, Missing Library?

Anthony Davis Anthony.Davis at bbc.co.uk
Thu Apr 18 14:16:34 UTC 2013


Hi Martin,

Thanks for the reply, so its working now I have used --skip-valid which is great as im getting a bit further with it.

Looks like a really useful tool.

Only my next problem though, it seems to hang during the cans, namely on

Rule ID:        SV-37379r1_rule
Title:          All interactive user home directories defined in the /etc/passwd file must exist.

I am running with: /usr/bin/oscap xccdf eval --results /tmp/tmpYp6_Ec --skip-valid --profile=MAC-1_Public /tmp/U_RedHat_5-V1R1_STIG_Benchmark-xccdf.xml

and the rule after it, is there a way to get a more granular output to see whats going on and find out why it is hanging? The system only has the bog standard redhat users on it, cant be more than 20 system users so I dont think it is due to volume of dirs it has to check?

Also, Thankyou for all other replies!

Kind Regards

Tony
________________________________________
From: Martin Preisler [mpreisle at redhat.com]
Sent: 18 April 2013 10:27
To: Anthony Davis
Cc: Simon Lukasik; open-scap-list at redhat.com
Subject: Re: [Open-scap] OpenSCAP Error, Missing Library?

Hi,
see https://bugzilla.redhat.com/show_bug.cgi?id=877348

This version of libxml2 has issues validating using *some* XSD features.

If you just need to test things out and work this around, use --skip-valid option to skip validation altogether. The tool should still parse the input fine.

----- Original Message -----
> From: "Anthony Davis" <Anthony.Davis at bbc.co.uk>
> To: "Simon Lukasik" <slukasik at redhat.com>
> Cc: open-scap-list at redhat.com
> Sent: Thursday, April 18, 2013 10:39:43 AM
> Subject: Re: [Open-scap] OpenSCAP Error, Missing Library?
>
> Hi Simon,
>
> So the rpm is:
>
> [root at server tmp]# rpm -q libxml2
> libxml2-2.6.26-2.1.12.el5_7.2
>
> Kind Regards
>
> Tony
> ________________________________________
> From: Simon Lukasik [slukasik at redhat.com]
> Sent: 18 April 2013 08:35
> To: Anthony Davis
> Cc: open-scap-list at redhat.com
> Subject: Re: [Open-scap] OpenSCAP Error, Missing Library?
>
> On 04/17/2013 08:26 PM, Anthony Davis wrote:
> > Hi,
> >
> > I am trying to implement OpenSCAP in RHEL 5.8 at the moment and
> > satellite 5.5. I am getting an error and im pretty sure its a missing
> > library due to our very heavily stripped down build. I cant seem to work
> > out what library it is. Can any one offer any help?
> >
>
> Hello Anthony,
>
> These messages come from the XML validation. OpenSCAP validates its
> inputs and outputs using XSD. You can skip XML validation by providing
> --skip-valid command-line option.
>
> To debug further, could you please provide us with the output of
>
>    $ rpm -q libxml2
>
> Thanks,
>
> --
> Simon Lukasik
> Security Technologies
>
>
> -----------------------------
> http://www.bbc.co.uk
> This e-mail (and any attachments) is confidential and
> may contain personal views which are not the views of the BBC unless
> specifically stated.
> If you have received it in
> error, please delete it from your system.
> Do not use, copy or disclose the
> information in any way nor act in reliance on it and notify the sender
> immediately.
> Please note that the BBC monitors e-mails
> sent or received.
> Further communication will signify your consent to
> this.
> -----------------------------
>
> _______________________________________________
> Open-scap-list mailing list
> Open-scap-list at redhat.com
> https://www.redhat.com/mailman/listinfo/open-scap-list
>


-----------------------------
http://www.bbc.co.uk
This e-mail (and any attachments) is confidential and
may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in
error, please delete it from your system.
Do not use, copy or disclose the
information in any way nor act in reliance on it and notify the sender
immediately.
Please note that the BBC monitors e-mails
sent or received.
Further communication will signify your consent to
this.
-----------------------------




More information about the Open-scap-list mailing list