[Open-scap] How does oscap get platform information?
Martin Preisler
mpreisle at redhat.com
Wed Oct 19 20:32:37 UTC 2016
----- Original Message -----
> From: "Peter DeVries" <pdevries at quotient-inc.com>
> To: open-scap-list at redhat.com
> Sent: Wednesday, October 19, 2016 9:45:55 AM
> Subject: [Open-scap] How does oscap get platform information?
>
> I've got a problem on some xccdf files I've built from the github
> source. Eval works fine but when I run with remediation it pauses for
> a moment after the "starting remediation" line and then just ends.
> If I edit the XCCDF file and remove the `platform="blah"` option from
> the <fix..> definition remediation will proceed and will fix any
> issues. I have shown this on Centos7 and RHEL7 with the same results.
> I have tested with both the oscap RPM and freshly compiled oscap from
> github.
>
> My questions are:
> - How does oscap get the system information to compare to the CPE
> dictionary?
> - Is there a way to run a command that shows what my system is reporting?
> - What is the correct way to fix this? As opposed to just using sed
> to remove platform=.. from all fix definitions
Sounds like this is related to an issue I have fixed today.
Check out:
https://github.com/OpenSCAP/scap-security-guide/pull/1515
https://github.com/OpenSCAP/scap-security-guide/issues/1509
--
Martin Preisler
Identity Management and Platform Security | Red Hat, Inc.
More information about the Open-scap-list
mailing list