search

OpenSCAP / openscap

NIST Certified SCAP 1.2 toolkit
https://www.open-scap.org/tools/openscap-base
GNU Lesser General Public License v2.1
1.38k stars 380 forks source link

"--fetch-remote-resources" kill the process #1796

Open gmezzanotti opened 3 years ago

gmezzanotti commented 3 years ago

Description of Problem:

When i use "--fetch-remote-resources" option, at the end the process is killed

OpenSCAP Version:

jumpgm:~ # oscap -V OpenSCAP command line tool (oscap) 1.3.5 Copyright 2009--2021 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ==== SCAP Version: 1.3 XCCDF Version: 1.2 OVAL Version: 5.11.1 CPE Version: 2.3 CVSS Version: 2.0 CVE Version: 2.0 Asset Identification Version: 1.1 Asset Reporting Format Version: 1.1 CVRF Version: 1.1

Operating System & Version:

jumpgm:~ # uname -a Linux jumpgm 5.3.18-24.75-default #1 SMP Thu Jul 15 10:17:58 UTC 2021 (44308a6/lp-17ec2b8) x86_64 x86_64 x86_64 GNU/Linux jumpgm:~ # more /etc/os-release NAME="SLES" VERSION="15-SP2" VERSION_ID="15.2" PRETTY_NAME="SUSE Linux Enterprise Server 15 SP2" ID="sles" ID_LIKE="suse" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:suse:sles:15:sp2"

Steps to Reproduce:

oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --fetch-remote-resources --results-arf /tmp/jump-arf.xml --report /tmp/jump-report.html /root/scap-security-guide/ssg-sle15-ds.xml

Actual Results:

... Title Disable SSH Root Login Rule xccdf_org.ssgproject.content_rule_sshd_disable_root_login Ident CCE-85557-7 Result fail

Title Enable Encrypted X11 Forwarding Rule xccdf_org.ssgproject.content_rule_sshd_enable_x11_forwarding Result pass

Title Set SSH MaxSessions limit Rule xccdf_org.ssgproject.content_rule_sshd_set_max_sessions Result fail

Killed jumpgm:~ #

Additional Information / Debugging Steps:

oscap --verbose DEVEL xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --fetch-remote-resources --results-arf /tmp/jump-arf.xml --report /tmp/jump-report.html /root/scap-security-guide/ssg-sle15-ds.xml

... D: oscap: Signaling `notfull' [oscap(89545):icache_worker(7f22eaffd700):icache.c:241:probe_icache_worker] D: oscap: Handling NOP [oscap(89545):icache_worker(7f22eaffd700):icache.c:265:probe_icache_worker] D: oscap: Sync [oscap(89545):probe_worker(7f22d77e6700):icache.c:477:probe_icache_nop] D: oscap: old flag: 0, new flag: 4. [oscap(89545):probe_worker(7f22d77e6700):probe-api.c:688:probe_cobj_set_flag] D: oscap: handler result = 0x7f232007b180, return code = 0 [oscap(89545):probe_worker(7f22d77e6700):worker.c:95:probe_worker_runfn] D: oscap: probe thread deleted [oscap(89545):probe_worker(7f22d77e6700):worker.c:115:probe_worker_runfn] D: oscap: Sorting blocks & building iterator array [oscap(89545):probe_worker(7f22d77e6700):sexp-manip.c:1408:SEXP_list_sort] D: oscap: Iterator count = 0 [oscap(89545):probe_worker(7f22d77e6700):sexp-manip.c:1442:SEXP_list_sort] D: oscap: cnt = 0 [oscap(89545):probe_worker(7f22d77e6700):seap-message.c:138:SEAP_msgattr_exists] D: oscap: no-reply not set: sending full reply [oscap(89545):probe_worker(7f22d77e6700):seap.c:481:SEAP_reply] D: oscap: MSG -> SEXP [oscap(89545):probe_worker(7f22d77e6700):seap-packet.c:260:SEAP_packet_msg2sexp] D: oscap: ("seap.msg" ":id" 332 ":reply-id" 332 (4 () () () ) ) [oscap(89545):probe_worker(7f22d77e6700):seap-packet.c:261:SEAP_packet_msg2sexp] D: oscap: packet size: 569 [oscap(89545):probe_worker(7f22d77e6700):seap-packet.c:262:SEAP_packet_msg2sexp] D: oscap: Received packet [oscap(89545):oscap(7f2337504ac0):seap-packet.c:794:SEAP_packet_recv] D: oscap: ("seap.msg" ":id" 332 ":reply-id" 332 (4 () () () ) ) [oscap(89545):oscap(7f2337504ac0):seap-packet.c:795:SEAP_packet_recv] D: oscap: packet size: 569 [oscap(89545):oscap(7f2337504ac0):seap-packet.c:796:SEAP_packet_recv] D: oscap: Message received. [oscap(89545):oscap(7f2337504ac0):oval_probe_ext.c:579:oval_probe_comm] D: oscap: name=(null), value=0x7f2320086980 [oscap(89545):oscap(7f2337504ac0):seap-message.c:73:SEAP_msg_free] I: oscap: State 'oval:ssg-state_maxsessions_value_upper_bound:ste:1' references external_variable 'oval:ssg-var_sshd_max_sessions:var:1'. [oscap(89545):oscap(7f2337504ac0):oval_probe.c:214:oval_probe_query_var_ref] I: oscap: Querying variable 'oval:ssg-var_sshd_max_sessions:var:1'. [oscap(89545):oscap(7f2337504ac0):oval_variable.c:504:oval_probe_query_variable] I: oscap: Variable 'oval:ssg-var_sshd_max_sessions:var:1' is not local, skipping. [oscap(89545):oscap(7f2337504ac0):oval_variable.c:507:oval_probe_query_variable] I: oscap: Variable 'oval:ssg-var_sshd_max_sessions:var:1' has values "4". [oscap(89545):oscap(7f2337504ac0):oval_variable.c:488:_dump_variable_values] I: oscap: Test 'oval:ssg-test_sshd_max_sessions:tst:1' requires that every object defined by 'oval:ssg-object_sshd_max_sessions:obj:1' exists on the system. [oscap(89545):oscap(7f2337504ac0):oval_resultTest.c:900:_oval_result_test_evaluate_items] I: oscap: 0 objects defined by 'oval:ssg-object_sshd_max_sessions:obj:1' exist on the system. [oscap(89545):oscap(7f2337504ac0):oval_resultTest.c:918:_oval_result_test_evaluate_items] I: oscap: No item matching object 'oval:ssg-object_sshd_max_sessions:obj:1' was found on the system. (flag=does not exist) [oscap(89545):oscap(7f2337504ac0):oval_resultTest.c:954:_oval_result_test_evaluate_items] I: oscap: Test 'oval:ssg-test_sshd_max_sessions:tst:1' evaluated as false. [oscap(89545):oscap(7f2337504ac0):oval_resultTest.c:1164:oval_result_test_eval] I: oscap: Definition 'oval:ssg-sshd_set_max_sessions:def:1' evaluated as false. [oscap(89545):oscap(7f2337504ac0):oval_resultDefinition.c:170:oval_result_definition_eval] Result fail

D: oscap: name=reply-id, value=0x7f232007cc50 [oscap(89545):probe_worker(7f22d77e6700):seap-message.c:73:SEAP_msg_free] D: oscap: probe_worker_runfn has finished [oscap(89545):probe_worker(7f22d77e6700):worker.c:175:probe_worker_runfn] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] D: oscap: rbt_str_add: non-zero return code [oscap(89545):oscap(7f2337504ac0):oval_string_map.c:211:oval_string_map_put] Killed jumpgm:~ #

evgenyz commented 2 years ago

Hey! Can you please try again using the latest 1.3.6 release?

safonas commented 2 years ago

Getting the same "Killed" result with 1.3.6 both with and without --fetch-remote-resources:

System

$ uname -a
Linux ip-173-33-13-138.eu-west-2.compute.internal 4.18.0-372.9.1.el8.x86_64 #1 SMP Fri Apr 15 22:12:19 EDT 2022 x86_64 x86_64 x86_64 GNU/Linux

$ cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION="8.6 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.6 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.6
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.6"

OSCAP

$ oscap --version
OpenSCAP command line tool (oscap) 1.3.6
Copyright 2009--2021 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1

==== Capabilities added by auto-loaded plugins ====
No plugins have been auto-loaded...

==== Paths ====
Schema files: /usr/share/openscap/schemas
Default CPE files: /usr/share/openscap/cpe

==== Inbuilt CPE names ====
Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux:-
Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5
Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7
Red Hat Enterprise Linux 8 - cpe:/o:redhat:enterprise_linux:8
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
Community Enterprise Operating System 8 - cpe:/o:centos:centos:8
Fedora 32 - cpe:/o:fedoraproject:fedora:32
Fedora 33 - cpe:/o:fedoraproject:fedora:33
Fedora 34 - cpe:/o:fedoraproject:fedora:34
Fedora 35 - cpe:/o:fedoraproject:fedora:35

==== Supported OVAL objects and associated OpenSCAP probes ====
OVAL family   OVAL object                  OpenSCAP probe              
----------    ----------                   ----------                  
independent   environmentvariable          probe_environmentvariable
independent   environmentvariable58        probe_environmentvariable58
independent   family                       probe_family
independent   filehash                     probe_filehash (MD5, SHA-1)
independent   filehash58                   probe_filehash58 (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512)
independent   system_info                  probe_system_info
independent   textfilecontent              probe_textfilecontent
independent   textfilecontent54            probe_textfilecontent54
independent   variable                     probe_variable
independent   xmlfilecontent               probe_xmlfilecontent
independent   yamlfilecontent              probe_yamlfilecontent
linux         iflisteners                  probe_iflisteners
linux         inetlisteningservers         probe_inetlisteningservers
linux         partition                    probe_partition
linux         rpminfo                      probe_rpminfo
linux         rpmverify                    probe_rpmverify
linux         rpmverifyfile                probe_rpmverifyfile
linux         rpmverifypackage             probe_rpmverifypackage
linux         selinuxboolean               probe_selinuxboolean
linux         selinuxsecuritycontext       probe_selinuxsecuritycontext
linux         systemdunitdependency        probe_systemdunitdependency
linux         systemdunitproperty          probe_systemdunitproperty
unix          dnscache                     probe_dnscache
unix          file                         probe_file
unix          fileextendedattribute        probe_fileextendedattribute
unix          gconf                        probe_gconf
unix          interface                    probe_interface
unix          password                     probe_password
unix          process                      probe_process
unix          process58                    probe_process58
unix          routingtable                 probe_routingtable
unix          runlevel                     probe_runlevel
unix          shadow                       probe_shadow
unix          symlink                      probe_symlink
unix          sysctl                       probe_sysctl
unix          uname                        probe_uname
unix          xinetd                       probe_xinetd

Commands to reproduce

oscap xccdf eval --verbose DEVEL --verbose-log-file oscap-debug.log --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_cis_workstation_l1 --results scan_results.xml --report scan_report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
oscap xccdf eval --verbose DEVEL --verbose-log-file oscap-debug.log --profile xccdf_org.ssgproject.content_profile_cis_workstation_l1 --results scan_results.xml --report scan_report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml

Devel log

...
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(57135):oscap(7fd7ce8c0bc0):oval_string_map.c:211:oval_string_map_put]
D: oscap: probe_common_main_cleanup started [oscap(57135):common_main(7fd775da9700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(57135):common_main(7fd775da9700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(57135):common_main(7fd775da9700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(57135):common_main(7fd772b59700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(57135):common_main(7fd772b59700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(57135):common_main(7fd772b59700):probe_main.c:170:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup started [oscap(57135):common_main(7fd76c872700):probe_main.c:143:probe_common_main_cleanup]
D: oscap: probe_input_handler thread has joined with status -1 [oscap(57135):common_main(7fd76c872700):probe_main.c:157:probe_common_main_cleanup]
D: oscap: probe_common_main_cleanup finished [oscap(57135):common_main(7fd76c872700):probe_main.c:170:probe_common_main_cleanup]
... same messages repeated
Killed
gmezzanotti commented 2 years ago

the same here, no changes with 1.3.6

admd commented 1 year ago

This happens because of an OOM error and this problem still exists, I have even pre-downloaded the remote content and then try to use it with --local-files , it still returns the same error.

While testing, I kept an eye on memory and it easily takes 6/7 G of memory during a scan if remote content is involved. Increasing memory solves the issue but I wonder if there is a possibility to improve this memory footprint.

dexterle commented 1 year ago

I am also running into this same exact problem. Initially, I was not able to see any evaluations and get the "Killed" message immediately.

host:~> oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --results /tmp/openscap-ssg-results.xml --report /tmp/openscap-ssg-results.html --fetch-remote-resources --skip-valid /tmp/definitions/ssg-sle15-ds.xml
Downloading: https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.15.xml ... ok
Killed
host:~> echo $?
137

@admd's solution to supply more memory seemed to allow the evaluation to start but openscap still cannot perform a scan, and falls back to the "Killed" message.

host:~> oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --results /tmp/openscap-ssg-results.xml --report /tmp/openscap-ssg-results.html --fetch-remote-resources --skip-valid /tmp/definitions/ssg-sle15-ds.xml
Downloading: https://ftp.suse.com/pub/projects/security/oval/suse.linux.enterprise.15.xml ... ok
--- Starting Evaluation ---

Title   Install AIDE
Rule    xccdf_org.ssgproject.content_rule_package_aide_installed
Ident   CCE-83289-9
Result  xxxxxx

...

Title   Configure SSSD to Expire Offline Credentials
Rule    xccdf_org.ssgproject.content_rule_sssd_offline_cred_expiration
Ident   CCE-83296-4
Result  xxxxxx

Killed
host:~> echo $?
137

For some background info: SLES 15 SP4 OS:

host:~> cat /etc/os-release 
NAME="SLES"
VERSION="15-SP4"
VERSION_ID="15.4"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP4"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:15:sp4"
DOCUMENTATION_URL="https://documentation.suse.com/"

oscap version (1.36)

host:~> oscap --version
OpenSCAP command line tool (oscap) 1.3.6
Copyright 2009--2021 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1

==== Capabilities added by auto-loaded plugins ====
No plugins have been auto-loaded...

==== Paths ====
Schema files: /usr/share/openscap/schemas
Default CPE files: /usr/share/openscap/cpe

==== Inbuilt CPE names ====
Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux:-
Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5
Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7
Red Hat Enterprise Linux 8 - cpe:/o:redhat:enterprise_linux:8
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
Community Enterprise Operating System 8 - cpe:/o:centos:centos:8
Fedora 32 - cpe:/o:fedoraproject:fedora:32
Fedora 33 - cpe:/o:fedoraproject:fedora:33
Fedora 34 - cpe:/o:fedoraproject:fedora:34
Fedora 35 - cpe:/o:fedoraproject:fedora:35
openSUSE Leap 15.1 - cpe:/o:opensuse:leap:15.1
openSUSE Leap 15.2 - cpe:/o:opensuse:leap:15.2
openSUSE Leap 15.3 - cpe:/o:opensuse:leap:15.3
openSUSE Leap 15.4 - cpe:/o:opensuse:leap:15.4
openSUSE Leap 15.5 - cpe:/o:opensuse:leap:15.5
openSUSE Tumbleweed - cpe:/o:opensuse:tumbleweed
SUSE Linux Enterprise Server 12 - cpe:/o:suse:sles:12
SUSE Linux Enterprise Desktop 12 - cpe:/o:suse:sled:12
SUSE Linux Enterprise Server 15 - cpe:/o:suse:sles:15
SUSE Linux Enterprise Desktop 15 - cpe:/o:suse:sled:15

==== Supported OVAL objects and associated OpenSCAP probes ====
OVAL family   OVAL object                  OpenSCAP probe              
----------    ----------                   ----------                  
independent   environmentvariable          probe_environmentvariable
independent   environmentvariable58        probe_environmentvariable58
independent   family                       probe_family
independent   filehash                     probe_filehash (MD5, SHA-1)
independent   filehash58                   probe_filehash58 (MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512)
independent   system_info                  probe_system_info
independent   textfilecontent              probe_textfilecontent
independent   textfilecontent54            probe_textfilecontent54
independent   variable                     probe_variable
independent   xmlfilecontent               probe_xmlfilecontent
linux         iflisteners                  probe_iflisteners
linux         inetlisteningservers         probe_inetlisteningservers
linux         partition                    probe_partition
linux         rpminfo                      probe_rpminfo
linux         rpmverify                    probe_rpmverify
linux         rpmverifyfile                probe_rpmverifyfile
linux         rpmverifypackage             probe_rpmverifypackage
linux         selinuxboolean               probe_selinuxboolean
linux         selinuxsecuritycontext       probe_selinuxsecuritycontext
linux         systemdunitdependency        probe_systemdunitdependency
linux         systemdunitproperty          probe_systemdunitproperty
unix          dnscache                     probe_dnscache
unix          file                         probe_file
unix          fileextendedattribute        probe_fileextendedattribute
unix          interface                    probe_interface
unix          password                     probe_password
unix          process                      probe_process
unix          process58                    probe_process58
unix          routingtable                 probe_routingtable
unix          runlevel                     probe_runlevel
unix          shadow                       probe_shadow
unix          symlink                      probe_symlink
unix          sysctl                       probe_sysctl
unix          uname                        probe_uname
unix          xinetd                       probe_xinetd

DEVEL logs

D: oscap: name=reply-id, value=0x7f6ff00934e0 [oscap(1782):probe_worker(7f6fd9fd3700):seap-message.c:73:SEAP_msg_free]
D: oscap: probe_worker_runfn has finished [oscap(1782):probe_worker(7f6fd9fd3700):worker.c:179:probe_worker_runfn]
D: oscap: rbt_str_add: non-zero return code [oscap(1782):oscap(7f7040448900):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1782):oscap(7f7040448900):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1782):oscap(7f7040448900):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1782):oscap(7f7040448900):oval_string_map.c:211:oval_string_map_put]
D: oscap: rbt_str_add: non-zero return code [oscap(1782):oscap(7f7040448900):oval_string_map.c:211:oval_string_map_put]
...
Killed

Reproduce:

oscap xccdf eval --verbose DEVEL --profile xccdf_org.ssgproject.content_profile_stig --results /tmp/openscap-ssg-results.xml --report /tmp/openscap-ssg-results.html --fetch-remote-resources --skip-valid /tmp/definitions/ssg-sle15-ds.xml

Would appreciate any suggestions to try out...

ricardobranco777 commented 8 months ago

I'm seeing this in the kernel logs:

kernel: chronyd invoked oom-killer: gfp_mask=0x1100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0