search

ComplianceAsCode / content

Security automation content in SCAP, Bash, Ansible, and other formats
https://complianceascode.readthedocs.io/en/latest/
Other
2.17k stars 685 forks source link

Missing referenced check files for RHEL 9 profile #12368

Open yuljk opened 1 week ago

yuljk commented 1 week ago

Description of problem:

When performing an evaluation as per below I receive an error :-

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis --results ssg-rhel9-ds.xml --report ssg-rhel9-level2-ds.html /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

OpenSCAP Error: Unable to open file: '/usr/share/xml/scap/ssg/content/ssg-rhel9-oval.xml' [/builddir/build/BUILD/openscap-1.3.10/src/source/oscap_source.c:298] Could not find file /usr/share/xml/scap/ssg/content/ssg-rhel9-oval.xml: No such file or directory. [/builddir/build/BUILD/openscap-1.3.10/src/DS/sds.c:697] Unable to open file: '/usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml' [/builddir/build/BUILD/openscap-1.3.10/src/source/oscap_source.c:298] Could not find file /usr/share/xml/scap/ssg/content/ssg-rhel9-ocil.xml: No such file or directory. [/builddir/build/BUILD/openscap-1.3.10/src/DS/sds.c:697]

Neither of these files exist in the directory.

I installed scap-security-guide from the official RHEL 9 repository as per

dnf install scap-security-guide

SCAP Security Guide Version:

scap-security-guide-0.1.74-1.el9_4.noarch

Operating System Version:

RHEL 9.4

Steps to Reproduce:

1. 2. 3. 4.

Actual Results:

Aforementioned files are not present in the directory

Expected Results:

The following files should be present in the directory ssg-rhel9-ocil.xml ssg-rhel9-oval.xml

Additional Information/Debugging Steps:

I'm new to using openscap, so forgive me if I'm missing something! - But I presume the required check files mentioned in the profile should be present when doing a RHEL 9 Server Level 2 evaluation?

Kind Regards

ggbecker commented 1 week ago

Description of problem:

When performing an evaluation as per below I receive an error :-

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis --results ssg-rhel9-ds.xml --report ssg-rhel9-level2-ds.html /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

That's really weird, I've just ran the same command and didn't get the error.

The file /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml should embed all the other files that OpenSCAP needs to execute. So that's really weird what is going on.

Maybe you don't have the right permissions to the file, or you are not running as root/sudo or maybe you can try to reinstall the package.