OpenSCAP / openscap

NIST Certified SCAP 1.2 toolkit
https://www.open-scap.org/tools/openscap-base
GNU Lesser General Public License v2.1

oscap xccdf generate report errors for STIG Ansible Role XCCDF output #1853

Open brsolomon-deloitte opened 2 years ago

brsolomon-deloitte commented 2 years ago

Description of Problem:

How do I view the results of a DISA Ansible Role XCCDF output with oscap?

Red Hat Enterprise Linux 8 STIG for Ansible - Ver 1, Rel 5 claims it generates XCCDF results.

Yet oscap xccdf generate report xccdf-results.xml where the file argument is the output of ansible-playbook invoking the Role generates an error.

OpenSCAP Version:

OpenSCAP command line tool (oscap) 1.3.5

Operating System & Version:

RHEL 8.5

Steps to Reproduce:

  1. Run Ansible role for Red Hat Enterprise Linux 8 STIG for Ansible - Ver 1, Rel 5 from a control node against a target host in --check mode
  2. Save xccdf-results.xml output
  3. Run oscap xccdf generate report xccdf-results.xml

Actual Results:

$ oscap xccdf generate report xccdf-results.xml 
No cdf:Benchmark ID specified and no suitable candidate has been autodetected.
OpenSCAP Error:: Could not apply XSLT /usr/share/openscap/xsl/xccdf-report.xsl to XML file: xccdf-results.xml [/builddir/build/BUILD/openscap-1.3.5/src/source/xslt.c:178]

Expected Results:

Produce HTML output

ggbecker commented 2 years ago

OpenSCAP needs to have a full benchmark in order to process the results file. The generated xccdf-report only contains the TestResult information.

I believe you can import this into the STIG Viewer application provided by DISA (only works with Oracle Java):

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_STIGViewer_2-16.zip

from this page: https://public.cyber.mil/stigs/srg-stig-tools/
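The reply above says the results file holds only TestResult information with no enclosing benchmark. The following is an added example, not code from the thread or from the OpenSCAP project: it checks whether an XCCDF file contains a Benchmark element and tallies the rule-result outcomes so a TestResult-only file can still be read. The sample XML, its ids and the function name `inspect_xccdf` are constructed for illustration; matching by local element name (ignoring namespace) is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: root is a bare TestResult with no Benchmark around it.
SAMPLE_RESULTS = """<?xml version="1.0"?>
<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2"
            id="xccdf_example_testresult_constructed">
  <target>host.example</target>
  <rule-result idref="xccdf_example_rule_a"><result>pass</result></rule-result>
  <rule-result idref="xccdf_example_rule_b"><result>fail</result></rule-result>
  <rule-result idref="xccdf_example_rule_c"><result>notchecked</result></rule-result>
  <rule-result idref="xccdf_example_rule_d"><result>fail</result></rule-result>
</TestResult>"""


def local(el):
    """Return the element name without its '{namespace}' prefix."""
    return el.tag.rpartition("}")[2]


def inspect_xccdf(xml_text):
    """Report the root element, Benchmark presence and rule-result tally."""
    root = ET.fromstring(xml_text)
    elements = list(root.iter())  # root plus every descendant
    tally = Counter()
    failed = []
    for rr in (e for e in elements if local(e) == "rule-result"):
        # Each rule-result carries one <result> child holding the outcome.
        text = next((c.text for c in rr if local(c) == "result"), None)
        outcome = (text or "unknown").strip()
        tally[outcome] += 1
        if outcome == "fail":
            failed.append(rr.get("idref"))
    return {
        "root": local(root),
        "has_benchmark": any(local(e) == "Benchmark" for e in elements),
        "results": dict(tally),
        "failed_rules": failed,
    }


if __name__ == "__main__":
    info = inspect_xccdf(SAMPLE_RESULTS)
    if not info["has_benchmark"]:
        print(f"root is <{info['root']}>: no Benchmark element in this file")
    print(info["results"])
    print("failed:", ", ".join(info["failed_rules"]))
```

`xml.etree.ElementTree` is not hardened against entity-expansion attacks, so for result files collected from hosts you do not trust, parse with the `defusedxml` package instead.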