[Open-scap] [OPEN-SCAP-LIST] I'm trying to execute open-scap on solaris

Haynes, Dan dhaynes at mitre.org
Tue Aug 6 13:17:53 UTC 2013


Hi,

The errors that you are seeing are validation errors indicating that the values specified for the particular entities (user_id and group_id) are not valid.  This is because they are expecting a datatype of “int” and integer values.

The reason for this discrepancy is that in OVAL 5.8, we changed the user_id and group_id entities (along with many others) to be of datatype “int” rather than datatype “string” to better align the datatype and operations (equals, greater than, less than, etc.) with the values found on the system which are just integer values.  However, in doing so, we broke backward compatibility with previous versions of OVAL (http://oval.mitre.org/language/about/backwardcompatibility.html).  I suspect that the STIG content was written for a version before 5.8, but, OpenSCAP is validating the content against 5.10.

Actually, there was a similar oval-developer-list thread about this last year (http://making-security-measurable.1364806.n2.nabble.com/Error-validating-STIG-content-against-OVAL-schemas-tp7579295.html).

To get the content to work, you will need to either use a tool that supports the OVAL 5.4 content or update the content to align with the new schemas.  For the errors that say “attribute ‘datatype’: the value ‘string’ does not match the fixed value constraint ‘int’.”, if there is an integer value present in the content, you will just need to add datatype="int" to the entity.  For the errors that say “‘some_regex_pattern’ is not a valid value of the local union type.”, you would need to rewrite the entity to check for the same values, but, using integer values and operations.  For example, you could rewrite:

   <group_id datatype="string" operation="pattern match">^(0|2|3)$</group_id>

which checks to see if the value is set to 0, 2, or 3

as:

   <group_id datatype="int" operation="equals" var_ref="oval:sample:var:1" var_check="only one"/>
   …
   <constant_variable id="oval:sample:var:1" datatype="int" …>
     <value>0</value>
     <value>2</value>
     <value>3</value>
   </constant_variable>

Hope this helps.

Thanks,

Danny

From: open-scap-list-bounces at redhat.com [mailto:open-scap-list-bounces at redhat.com] On Behalf Of ???
Sent: Tuesday, August 06, 2013 12:30 AM
To: open-scap-list at redhat.com
Subject: [Open-scap] [OPEN-SCAP-LIST] I'm trying to execute open-scap on solaris

Hi,
I'm trying to execute open-scap on Solaris.
So I installed openscap and inputted 'oscap oval eval --result SolaTest U_Solaris_10_X86-V1R4_STIG_Benchmark-oval.xml' on the terminal.
But I got errors. You can see the errors through an attached document.
How do I resolve that?

P.S. I'm a student in Korea. I'm not good at English. Sorry.

Open-scap version is 0.8.1

Solaris version is 11.1
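
A triage helper for the two fixes described in the reply above, as an added example that is not part of the original messages or of OpenSCAP: it lists user_id and group_id entities that are not datatype "int" and reports which fix applies. The sample document, its ids and the action names are constructed for illustration, and a missing datatype attribute is assumed to mean "string".

```python
import re
import xml.etree.ElementTree as ET

# Entities named in the reply; OVAL 5.8 changed many others to "int" as well.
INT_ENTITIES = {"user_id", "group_id"}
INTEGER = re.compile(r"-?\d+")
# Anchored alternation of integers, e.g. ^(0|2|3)$
INT_ALTERNATION = re.compile(r"\^\((-?\d+(?:\|-?\d+)*)\)\$")

# Constructed sample content (not taken from the STIG benchmark).
SAMPLE = """<states xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix">
  <file_state id="oval:sample:ste:1" version="1">
    <group_id datatype="string" operation="pattern match">^(0|2|3)$</group_id>
    <user_id>0</user_id>
  </file_state>
  <file_state id="oval:sample:ste:2" version="1">
    <user_id datatype="int" operation="less than">100</user_id>
    <group_id operation="pattern match">^1[0-9]$</group_id>
  </file_state>
</states>"""

def triage(oval_xml):
    """Return (parent id, entity, action, integer values) for each entity to fix."""
    findings = []
    for parent in ET.fromstring(oval_xml).iter():
        for el in parent:
            name = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace
            # Assumption: a missing datatype attribute means "string".
            if name not in INT_ENTITIES or el.get("datatype", "string") == "int":
                continue
            text = (el.text or "").strip()
            pattern_op = el.get("operation", "equals") == "pattern match"
            alternation = INT_ALTERNATION.fullmatch(text)
            if INTEGER.fullmatch(text) and not pattern_op:
                # Integer literal: only the datatype attribute is wrong.
                action, values = "add-datatype", [int(text)]
            elif pattern_op and alternation:
                # Enumerable pattern: move the values into a constant_variable.
                values = [int(v) for v in alternation.group(1).split("|")]
                action = "use-constant-variable"
            else:
                # Anything else needs a hand-written integer comparison.
                action, values = "manual", []
            findings.append((parent.get("id"), name, action, values))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```
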