[Open-scap] "No TestResult" error with oscap xccdf generate fix
Simon Lukasik
slukasik at redhat.com
Fri Feb 8 16:12:42 UTC 2013
On 02/06/2013 05:02 PM, Francisco Slavin wrote:
> On Tuesday, February 05, 2013 2:36 PM Jeffrey Blank wrote:
>>
>> Yes indeed. I had only mistakenly/carelessly used "bash" originally -- sorry
>> for the bump.
>>
>> Hmm, maybe we will want some for augeas and puppet for the next XCCDF
>> rev :)
>>
Hello Francisco,
> It's entirely possible you started using "bash" because a while ago I pointed you to the way we write <fix> content for SecState, which uses "bash":
> https://fedorahosted.org/secstate/wiki/RemediationContentHowTo
>
> The reason we used "bash" instead of "sh" is that simply using "sh" is not necessarily an accurate way to indicate Bourne Shell.
I am sorry, but I cannot agree. The NISTIR-7275r4 reads:
urn:xccdf:fix:script:$language -- A script written in the given
language. (...) The following languages are pre-defined:
sh – Bourne shell
Thus, I came to the conclusion that urn:xccdf:fix:script:sh is accurate
way to indicate Bourne Shell.
What I am missing here?
> On a RHEL/Fedora system /bin/sh is a symlink to bash, but on an Ubuntu system /bin/sh is a symlink to dash.
>
By the way, who is holding a gun to your head to use /bin/sh as a
location of /bin/bash?
Regards,
--
Simon Lukasik
Security Technologies
More information about the Open-scap-list
mailing list