[Open-scap] return codes
Simon Lukasik
slukasik at redhat.com
Fri Nov 8 08:24:48 UTC 2013
On 11/08/2013 06:55 AM, Maria Kedovskaya wrote:
> Hello,
> As I understand openscap has 3 return codes:
> 0 - all "pass"
> 1 - at least one "error"
> 2 - at least one "false"/"unknown"/"unselected".
Hello Maria,
I believe that the "unselected" should not be present on this list. Our
manual page reads:
    In cases when oscap performs evaluation of the system it may
    return 2 indicating success of the operation but incompliance
    of the assessed system.
> Tell me please what for point 2 was made if "false" is also good result of
> configuration.
I am not sure if you are referring to XCCDF evaluation or OVAL
evaluation. The answer is different for each.
As for XCCDF evaluation, the result should never be "fail". The XCCDF
has features to negate results. And results from OVAL (based on the
definition's class) to XCCDF are reported correctly.
As for OVAL evaluation, the result could be "false" with meaning that
the assessed machine is in compliance. In that case, the respective
oval-def:definition/@class should be equal either to "vulnerability"
or to "patch".
However, for OVAL evaluation we never return 2. You may file a feature
request for oscap-oval-eval to return 2 in cases of incompliance.
Best regards,
--
Simon Lukasik
Security Technologies
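
Added example (not part of the original message and not OpenSCAP code): a Python sketch of the class-dependent reading of OVAL results described above, where "false" means compliant for definitions of class "vulnerability" or "patch". The sample document is constructed and trimmed, treating every other class as "true" = compliant is an assumption, and exit_code() is a hypothetical wrapper policy that borrows the XCCDF convention of returning 2.

```python
import xml.etree.ElementTree as ET

NS = {
    "res": "http://oval.mitre.org/XMLSchema/oval-results-5",
    "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
}
# Classes for which OVAL "true" reports a problem, so "false" means compliant.
NEGATED_CLASSES = {"vulnerability", "patch"}

# Constructed sample, trimmed to the elements read below (not real oscap output).
SAMPLE = """\
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <definitions>
      <definition id="oval:example:def:1" version="1" class="vulnerability"/>
      <definition id="oval:example:def:2" version="1" class="patch"/>
      <definition id="oval:example:def:3" version="1" class="compliance"/>
    </definitions>
  </oval_definitions>
  <results><system><definitions>
    <definition definition_id="oval:example:def:1" version="1" result="false"/>
    <definition definition_id="oval:example:def:2" version="1" result="true"/>
    <definition definition_id="oval:example:def:3" version="1" result="unknown"/>
  </definitions></system></results>
</oval_results>
"""

def verdicts(xml_text):
    """Map each definition id to 'compliant', 'noncompliant' or 'undetermined'."""
    root = ET.fromstring(xml_text)
    classes = {d.get("id"): d.get("class")
               for d in root.findall("def:oval_definitions/def:definitions/def:definition", NS)}
    out = {}
    for r in root.findall("res:results/res:system/res:definitions/res:definition", NS):
        def_id, result = r.get("definition_id"), r.get("result")
        if result not in ("true", "false"):
            out[def_id] = "undetermined"   # error, unknown, not evaluated, not applicable
            continue
        # Assumption: classes outside NEGATED_CLASSES are read as "true" = compliant.
        ok = (result == "true") != (classes.get(def_id) in NEGATED_CLASSES)
        out[def_id] = "compliant" if ok else "noncompliant"
    return out

def exit_code(v):
    """Hypothetical wrapper policy modelled on the XCCDF convention: 2 = not compliant."""
    return 2 if "noncompliant" in v.values() else 0

if __name__ == "__main__":
    v = verdicts(SAMPLE)
    for def_id, verdict in sorted(v.items()):
        print(def_id, verdict)
    raise SystemExit(exit_code(v))
```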