[Open-scap] Need help understanding RHEL STIG findings
Shawn Wells
shawn at redhat.com
Wed Jan 30 17:58:16 UTC 2013
On 1/30/13 11:38 AM, Snyder, Chris wrote:
>
> I'm trying to understand my findings from applying the latest RHEL5
> STIG Benchmark against one of my RHEL5 hosts. The results appear to
> indicate some false positives and I don't know how to determine if
> that is indeed the case or not. Ultimately, I would love to gain more
> insight into how to determine what tests are being performed by
> openscap for a given STIG/XCCDF/OVAL item or at least how to find out
> the results of the tests being run, i.e. I want to understand WHY
> openscap is reporting these items as failed.
>
To make things a bit more consumable you can utilize OpenSCAP's
"generate guide," turning the STIG into something that is actually readable:

$ oscap xccdf generate guide \
    /tmp/U_RedHat_5-V1R1_STIG_Benchmark-xccdf.xml \
    > /tmp/U_RedHat_5-V1R1_STIG_Benchmark.html

Pull up /tmp/U_RedHat_5-V1R1_STIG_Benchmark.html in your favorite
browser and look around.

When you run a scan you can have OpenSCAP generate an HTML report which
gives more details around failures:

$ sudo sh -c "oscap xccdf eval --profile MAC-1_Public \
    --results stig-xccdf-results.xml \
    --report /tmp/`hostname`-stigscanresults.html \
    --oval-results \
    --cpe-dict /tmp/U_RedHat_5-V1R1_STIG_Benchmark-cpe-dictionary.xml \
    /tmp/U_RedHat_5-V1R1_STIG_Benchmark-xccdf.xml"

View /tmp/`hostname`-stigscanresults.html in your browser and click on
some of the failed items. Many give you details under the "Remediation
Script" section.

Here is my report against a generic RHEL 5.8 install, for example:
https://blog-shawndwells.rhcloud.com/wp-content/uploads/2012/10/stigscanresults-beforeaqueduct.html
Here is the process that I use for STIGing a RHEL5 box, using
OpenSCAP+Aqueduct:
https://blog-shawndwells.rhcloud.com/2012/10/how-to-stig-a-red-hat-enterprise-linux-rhel5-machine/
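
Added example, not part of the original message and not OpenSCAP project code: a small Python script that reads the XCCDF results file written by --results and lists each failed rule together with the OVAL definition it was checked by, which is the link needed to trace WHY a rule failed. The sample document, rule ids and OVAL ids are constructed for illustration; point failed_rules() at the text of your own stig-xccdf-results.xml instead.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an XCCDF results file; the rule ids, OVAL ids and
# href below are made up for illustration and do not come from the STIG.
SAMPLE_RESULTS = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.1" id="sample">
  <TestResult id="sample-testresult">
    <rule-result idref="rule-example-1" severity="medium">
      <result>fail</result>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref name="oval:example:def:1" href="sample-oval.xml"/>
      </check>
    </rule-result>
    <rule-result idref="rule-example-2" severity="low">
      <result>pass</result>
      <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
        <check-content-ref name="oval:example:def:2" href="sample-oval.xml"/>
      </check>
    </rule-result>
    <rule-result idref="rule-example-3" severity="high">
      <result>notchecked</result>
    </rule-result>
  </TestResult>
</Benchmark>
"""

def local(tag):
    """Strip the XML namespace so XCCDF 1.1 and 1.2 files are both handled."""
    return tag.rsplit("}", 1)[-1]

def failed_rules(xml_text, wanted=("fail",)):
    """Return [(rule id, severity, result, [(OVAL definition id, href)])]."""
    findings = []
    for rr in ET.fromstring(xml_text).iter():
        if local(rr.tag) != "rule-result":
            continue
        result = next(((c.text or "").strip() for c in rr
                       if local(c.tag) == "result"), "")
        if result not in wanted:
            continue
        # A rule with no automated check has no check-content-ref at all.
        refs = [(e.get("name"), e.get("href"))
                for e in rr.iter() if local(e.tag) == "check-content-ref"]
        findings.append((rr.get("idref"), rr.get("severity"), result, refs))
    return findings

if __name__ == "__main__":
    for rule, severity, result, refs in failed_rules(SAMPLE_RESULTS):
        print(rule, severity, result, refs)
```

Each OVAL definition id it prints can then be searched for in the OVAL file named by href, and in the OVAL results saved by --oval-results, to see which individual tests evaluated false.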