[Open-scap] "No TestResult" error with oscap xccdf generate fix

Simon Lukasik slukasik at redhat.com
Fri Feb 8 16:12:42 UTC 2013


On 02/06/2013 05:02 PM, Francisco Slavin wrote:
> On Tuesday, February 05, 2013 2:36 PM Jeffrey Blank wrote:
>>
>> Yes indeed.  I had only mistakenly/carelessly used "bash" originally -- sorry
>> for the bump.
>>
>> Hmm, maybe we will want some for augeas and puppet for the next XCCDF
>> rev :)
>>

Hello Francisco,

> It's entirely possible you started using "bash" because a while ago I pointed you to the way we write <fix> content for SecState, which uses "bash":
> https://fedorahosted.org/secstate/wiki/RemediationContentHowTo
> 
> The reason we used "bash" instead of "sh" is that simply using "sh" is not necessarily an accurate way to indicate Bourne Shell.

I am sorry, but I cannot agree. The NISTIR-7275r4 reads:

    urn:xccdf:fix:script:$language -- A script written in the given
    language. (...) The following languages are pre-defined:
    sh – Bourne shell

Thus, I came to the conclusion that urn:xccdf:fix:script:sh is accurate
way to indicate Bourne Shell.

What I am missing here?

> On a RHEL/Fedora system /bin/sh is a symlink to bash, but on an Ubuntu system /bin/sh is a symlink to dash.
> 

By the way, who is holding a gun to your head to use /bin/sh as a
location of /bin/bash?

Regards,

-- 
Simon Lukasik
Security Technologies




More information about the Open-scap-list mailing list