
[Open-scap] help with SCE content creation



I'm trying to create SCE checks and receiving a 'notchecked' status with "No candidate or applicable check found" in my results.xml. Below is my code; any pointers would be fantastic!


XCCDF as follows:
<Group id="rhel6" hidden="false">
  <title xml:lang="en-US">RHEL6 CVE and RHSA Scanning</title>
  <description xml:lang="en-US">RHEL6 CVE and RHSA Scanning</description>
  <Rule id="unconfined_daemons" selected="true" severity="medium">
    <title xml:lang="en-US">Check that there are no unconfined daemons (SELINUX)</title>
    <description xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">
      Test description
    </description>
    <rationale xmlns:xhtml="http://www.w3.org/1999/xhtml" xml:lang="en-US">
      Test rationale
    </rationale>
    <ident system="http://cce.mitre.org">CCE-26828-4</ident>
    <check system="http://open-scap.org/page/SCE">
      <check-import import-name="stdout" />
      <check-content-ref href="unconfined_daemons.sh" />
    </check>
  </Rule>
</Group>



The unconfined_daemons.sh script is one within the OpenSCAP tests/ directory [1]; however, I modified it to set environmental variables:
## Set env variables
XCCDF_RESULT_PASS=101; export XCCDF_RESULT_PASS
XCCDF_RESULT_FAIL=102; export XCCDF_RESULT_FAIL
XCCDF_RESULT_ERROR=103; export XCCDF_RESULT_ERROR
XCCDF_RESULT_UNKNOWN=104; export XCCDF_RESULT_UNKNOWN
XCCDF_RESULT_NOT_APPLICABLE=105; export XCCDF_RESULT_NOT_APPLICABLE
XCCDF_RESULT_NOT_CHECKED=106; export XCCDF_RESULT_NOT_CHECKED
XCCDF_RESULT_NOT_SELECTED=107; export XCCDF_RESULT_NOT_SELECTED
XCCDF_RESULT_INFORMATIONAL=108; export XCCDF_RESULT_INFORMATIONAL
XCCDF_RESULT_FIXED=109; export XCCDF_RESULT_FIXED


When I run the scan I receive a result of "notchecked." I've tried with and without CPE dictionaries (updating the XCCDF to reflect):
# oscap xccdf eval --profile test \
--cpe /var/www/html/scap-security-guide/RHEL6/output/ssg-rhel6-cpe-dictionary.xml \
--results results.xml \
xccdf.xml
Title   Check that there are no unconfined daemons (SELINUX)
Rule    unconfined_daemons
Ident   CCE-26828-4
Result  notchecked

Within the results.xml file, I have:
<rule-result idref="unconfined_daemons" time="2013-05-06T20:41:24" severity="medium" weight="1.000000">
  <result>notchecked</result>
  <ident system="http://cce.mitre.org">CCE-26828-4</ident>
  <message severity="info">No candidate or applicable check found.</message>
</rule-result>

Any pointers to where I'm going wrong would be most appreciated!


[1] https://git.fedorahosted.org/cgit/openscap.git/tree/tests/sce/unconfined_daemons.sh
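
An added example, not part of the original post and not the script from the OpenSCAP tree: a sketch of an SCE check that defaults the XCCDF_RESULT_* codes only when the caller has not already exported them (the SCE engine exports them to the script), so the same file runs under oscap and by hand. The function name check_unconfined and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Added example; not the original unconfined_daemons.sh.
# Keep any value exported by the caller, fall back to the codes from the post.
: "${XCCDF_RESULT_PASS:=101}"
: "${XCCDF_RESULT_FAIL:=102}"
: "${XCCDF_RESULT_ERROR:=103}"

# Hypothetical helper: reads `ps -eZ` style lines on stdin, reports every
# process whose SELinux type is initrc_t, and returns an XCCDF result code.
# Whatever it prints is what <check-import import-name="stdout"/> collects.
check_unconfined() {
    input=$(cat)
    if [ -z "$input" ]; then
        echo "no process listing on stdin"
        return "$XCCDF_RESULT_ERROR"
    fi
    # Field 1 is user:role:type:level; skip the header, compare the type.
    offenders=$(printf '%s\n' "$input" | awk '
        $1 == "LABEL" { next }
        { split($1, ctx, ":"); if (ctx[3] == "initrc_t") print $NF }')
    if [ -n "$offenders" ]; then
        echo "unconfined daemons: $(echo $offenders)"
        return "$XCCDF_RESULT_FAIL"
    fi
    echo "no unconfined daemons found"
    return "$XCCDF_RESULT_PASS"
}

# Constructed sample of `ps -eZ` output (not captured from a real host).
SAMPLE_PS='LABEL                             PID TTY          TIME CMD
system_u:system_r:init_t:s0         1 ?        00:00:01 init
system_u:system_r:sshd_t:s0-s0:c0.c1023 1200 ? 00:00:00 sshd
system_u:system_r:initrc_t:s0    1337 ?        00:00:00 mydaemon'

# Demo run on the sample. As a real SCE check the last lines would instead be:
#   ps -eZ | check_unconfined; exit $?
rc=0
printf '%s\n' "$SAMPLE_PS" | check_unconfined || rc=$?
echo "result code: $rc"
```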

