[Open-scap] OSCAP Debug Pointers
Simon Lukasik
slukasik at redhat.com
Mon Dec 16 12:23:13 UTC 2013
On 12/13/2013 07:58 PM, Matthew Mariani wrote:
> Hi Simon,
> Thanks.
>
Hello Matthew,
> First, on this page http://www.open-scap.org/page/Debug, where are commands like 'configure' and 'run' found, as in lines like "./configure --enable-debug && make".
> My build process was to git the oscap repo, then run a Make in the scap-security-guide directory below. I'm seeing how to run 'configure' in this build model.
> [root at rhel6client scap-security-guide]# ls
> docs Fedora JBossEAP5 JBossFuse6 LICENSE Makefile OpenStack README RHEL6 RHEVM3 scap-security-guide.spec
The configure shell script should be found in your openscap directory.
Not the directory of scap-security-guide.
Please use autogen.sh to generate configure script for you, if you are
making oscap from git.
$ ./autogen.sh
$ ./configure --enable-debug
>
> Attached are 1.) my XCCDF (package_checks.xml) in ..../RHEL6/input/system/software that calls 2.) my OVAL in .../RHEL6/input/checks (check_for_nonRH_packages.xml). I then built a simple profile to call just the ccp_check_for_nonRH_packages OVAL rule, along with a couple others.
>
> Results in the following error:
> [root at rhel6client ~]# ./run_rht_scap_new
> Title Check for Non-RH Signed Pacakages
> Rule ccp_check_for_nonRH_packages
> Ident (null)
> Result unknown
>
> OpenSCAP Error: No definition with ID: oval:ssg:def:3121 in result model. [oval_agent.c:180]
> [root at rhel6client ~]#
> [root at rhel6client ~]# grep "oval:ssg:def:3121" projects/scap-security-guide/RHEL6/output/ssg-rhel6-oval.xml
> <definition class="compliance" id="oval:ssg:def:3121" version="1">
> [root at rhel6client ~]#
>
> Hope this helps. Again, it's great to debug this, but really I'm hoping to learn >how< to debug.
Debugging messages appear in the working directory in files named
oscap_debug.log.{pid}.
Also, it often helps to reduce reproducer to absolute minimum. -> Start
with whole XCCDF content, than try to carve out any unrelated rules.
Make sure that you still see the problem. Then look at OVAL definition
and carve out anything unrelated.
Hope this helps,
--
Simon Lukasik
Security Technologies
More information about the Open-scap-list
mailing list