rtadros125
commented
3 years ago Interesting; Thanks I want to say 4 things:
- The decision that the BESSPIN Scale won't be computed unless all needed score are provided, is to make sure the figure does not get skewed. So to make sure we compare apples to apples, we are going to stick with this error.
- You can always work around that by using the self-assessment feature. For the class that you don't run, turn
useSelfAssessmentON, and fill the values in the corresponding ini file, and the tool will load these results instead of running the tests. Also, every time you run any class, an.inifile gets generated inworkDir/cwesEvaluation/vulClassso you can copy/paste into your configSecurity.iniif you prefer to. - The error happens because
kern.logis not found. This is a bug. I will open a PR to fix this soon (and the score will be thusHIGH). [Opened #1107] - This error should not have happened, but because you removed
rsyslogas @podhrmic has asked, it did. My suggestion would be, for LMCO to scoreNONEon that test as it should: please build two debian images, one withrsyslogand onewithout. Add them to the same directory (or send them to me), will name themdebian.elfanddebian_noRsyslog.elf. When you do so, I will modify the cyberphys default config to use a custom OS Image, and adjust the path todebian_noRsyslog.elf.
Please lmk if something is unclear or if you suggest an alternative courses of action.
njshanahan
I created a configuration that excluded PPAC from
vulClassesbecause PPAC-3 produces a CALL-ERR score. This prevented thecomputeBesspinScalescore from being calculated. The error messages are below.With PPAC included.
Without PPAC included.
I imagine correcting the PPAC-3 CALL-ERR will resolve the issue. The log file is attached below.
test_PPAC_3.log