GovReady / govready

Toolkit for getting open source apps ready for secure, approved government use
GNU General Public License v3.0

'oval eval' does not work properly in version 0.9.3 (RHEL) but does in v1.0.8 #55

Open gregelin opened 10 years ago

gregelin commented 10 years ago

oscap oval eval is broken in OpenSCAP version 0.9.3.

Maybe GovReady should report this information in errata or other notes? On Wiki?

See: https://github.com/OpenSCAP/openscap/issues/3

On RHEL64 (no yum update) OpenSCAP appears to be version 0.9.3. For rule umask_for_daemons oscap oval eval does not indicate failure.

[root@vagrant fisma3]# oscap oval eval --id oval:ssg:def:221 --variables scans/variables.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-oval.xml
Evaluation done.
[root@vagrant fisma3]# echo $?
0

Subscribing the system to Red Hat and updating openscap provides more expected results for oscap oval eval:

[root@vagrant fisma3]# oscap oval eval --id oval:ssg:def:221 --variables scans/variables.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-oval.xml
Definition oval:ssg:def:221: false
Evaluation done.

CentOS65 with OpenSCAP version 1.0.8, doing oscap oval eval for umask_for_daemons responds:

oscap oval eval --id oval:ssg:def:221 --variables scans/variables.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-oval.xml
Definition oval:ssg:def:221: false
Evaluation done.
[root@vagrant fismacentos1]# echo $?
0
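
In the transcripts above the exit status is 0 both when 0.9.3 prints no verdict and when 1.0.8 reports `false`, so a compliance script has to read the `Definition ...:` line itself and treat a missing line as a failure of the scan. The following is an added example, not part of the original issue or GovReady's code; the function names and the return-code convention are assumptions, and the sample outputs are constructed from the transcripts above.

```shell
#!/bin/sh
# Added example: classify captured `oscap oval eval` stdout for one definition.
# Usage: oscap oval eval --id ID ... | oval_verdict ID
#   prints: true | false | other:<result> | missing
#   return: 0 = true, 1 = false or any other result, 2 = no verdict line
oval_verdict() {
    def_id=$1
    # Take the text after "Definition <id>: " for exactly this id (last match wins).
    result=$(awk -v id="$def_id" '
        $1 == "Definition" && $2 == (id ":") { r = substr($0, index($0, ": ") + 2) }
        END { if (r != "") print r }')
    case $result in
        true)  echo true;    return 0 ;;
        false) echo false;   return 1 ;;
        "")    echo missing; return 2 ;;   # behaviour seen with 0.9.3 above
        *)     echo "other:$result"; return 1 ;;
    esac
}

# Constructed sample: output as shown above for OpenSCAP 0.9.3.
sample_0_9_3() {
    printf '%s\n' 'Evaluation done.'
}

# Constructed sample: output as shown above for OpenSCAP 1.0.8.
sample_1_0_8() {
    printf '%s\n' 'Definition oval:ssg:def:221: false' 'Evaluation done.'
}

# Demo: both samples would have exited 0 under oscap; the verdict differs.
for s in sample_0_9_3 sample_1_0_8; do
    v=$($s | oval_verdict oval:ssg:def:221) || true
    echo "$s -> $v"
done
```

A caller that gates on this function should fail closed on return code 2 rather than counting the rule as passed.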