Closed gaure closed 1 month ago
This problem is most likely caused by the symbolic links in the /dev directory.
I wonder which rule actually fails, it can't be `xccdf_org.ssgproject.content_rule_aide_disable_silentreports`. Can you please provide full verbose log?
Hi evgenyz, thanks for the prompt response.
Yes it is the Aide rule, I customized the profile, removed the rule and the scan job finished in less than 2 minutes.
I am working on the verbose logs.
Hi evgenyz, attached are the verbose logs. It is a big file so I just captured a few lines at the beginning of the aide rule. You will see when the rule is parsing the "proc" file system, but the issue is when it starts parsing "/dev". I have had the scan running for 62 hours and it does not get out of the "/dev" filesystem. Eventually it crashes because of memory problems. Thanks! log-trim.txt.gz
You can use `--rule rule_id` to execute just a single rule to avoid collecting unrelated logs.
Hi Evgenyz, any idea why the probe_file doesn't stop after a predefined depth to avoid the loop? Or do you still need the verbose logs only for that rule? Even with a single rule selection, the logs will still be very large. Best, GA
Is the definition of the object in your DS like this:
```xml
<unix:file_object id="oval:ssg-obj_aide_disable_silentreports_config_file:obj:1" version="1" comment="The configuration file /etc/default/aide for aide_disable_silentreports">
  <unix:filepath operation="pattern match">^/etc/default/aide</unix:filepath>
</unix:file_object>
```
?
Probably your problem is this: https://github.com/ComplianceAsCode/content/pull/11973
Thanks a million @evgenyz I will apply the patch. Have a great weekend.
Problem with the scap-security-guide-0.1.73 content
Thanks!
Description of Problem:
When running oscap command:
```
$ oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --results-arf arf.xml --report report.html --oval-results scap-security-guide-0.1.73/ssg-ubuntu2204-ds-1.2.xml
```
The oscap goes into an infinite loop with the following error:
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/driver/0000:01:00.0/subsystem/devices/0000:03:00.0/firmware_node/wakeup/wakeup33/subsystem/wakeup58/device/device:e4/physical_node/0000:e5:00.0/i2c-3/subsystem/devices/i2c-1/device/iommu_group/devices/0000:00:14.3/firmware_node/PNP0501:01/physical_node/driver/00:03/firmware_node/subsystem/devices/device:158/physical_node/iommu/devices/0000:a0:07.1/firmware_node/device:156/physical_node/dma/dma14chan0/subsystem/dma3chan0/device/driver/0000:02:00.2/iommu/devices/0000:03:00.3/usb1/firmware_node/physical_node3/subsystem/devices/5-2/5-2.4/driver/usb5/5-2
OpenSCAP Version:
```
OpenSCAP command line tool (oscap) 1.4.0
Copyright 2009--2023 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
```
Operating System & Version:
Ubuntu 22.04.
Steps to Reproduce:
Actual Results:
Infinite loop.

```
--- Starting Evaluation ---

Title   Install AIDE
Rule    xccdf_org.ssgproject.content_rule_package_aide_installed
Result  fail

Title   Build and Test AIDE Database
Rule    xccdf_org.ssgproject.content_rule_aide_build_database
Result  fail

Title   Configure AIDE to Verify the Audit Tools
Rule    xccdf_org.ssgproject.content_rule_aide_check_audit_tools
Result  fail

Title   Configure AIDE To Notify Personnel if Baseline Configurations Are Altered
Rule    xccdf_org.ssgproject.content_rule_aide_disable_silentreports
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/iommu_group/devices/0000:61:00.0'.
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/driver/0000:01:00.0/iommu_group/devices/0000:01:00.0'.
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/driver/0000:01:00.0/driver'.
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/driver/0000:01:00.0/subsystem/devices/0000:03:00.0/iommu_group/devices/0000:03:00.0'.
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/driver/0000:01:00.0/subsystem/devices/0000:03:00.0/firmware_node/wakeup/wakeup33/device'.
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/driver/0000:01:00.0/subsystem/devices/0000:03:00.0/firmware_node/wakeup/wakeup33/subsystem/wakeup58/device/device:e4/wakeup/wakeup60/device'.
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/driver/0000:01:00.0/subsystem/devices/0000:03:00.0/firmware_node/wakeup/wakeup33/subsystem/wakeup58/device/device:e4/wakeup/wakeup60/subsystem'.
W: oscap: Filesystem tree cycle detected at '/dev/groqA3.pci/driver/0000:01:00.0/subsystem/devices/0000:03:00.0/firmware_node/wakeup/wakeup33/subsystem/wakeup58/device/device:e4/physical_node/iommu_group/devices/0000:e3:02.0'
```
Expected Results:
Recursion problem solved as stated in https://github.com/OpenSCAP/openscap/pull/1534.
Additional Information / Debugging Steps:
NA
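
The traversal behaviour behind the "Filesystem tree cycle detected" warnings above, as an added example that is not part of the original thread and is not OpenSCAP's code: a symlink-following walk that only refuses to re-enter its own ancestors still terminates, but on a densely cross-linked tree it enters the same directories through every possible path. The tree layout, the function names and the `max_depth` bound are assumptions made for the illustration.

```python
import os
import tempfile

def walk(root, global_seen=False, max_depth=64):
    """Walk root following symlinks; return (dirs_entered, cycle_paths).
    global_seen=False skips a directory only when it is its own ancestor;
    global_seen=True also skips one already entered through another path."""
    entered, cycles, seen = 0, [], set()
    def visit(path, ancestors, depth):
        nonlocal entered
        try:
            st = os.stat(path)  # follows symlinks, like a logical walk
        except OSError:
            return  # dangling link or unreadable entry
        key = (st.st_dev, st.st_ino)  # identifies the directory, not the path
        if key in ancestors:
            cycles.append(path)  # same situation the warnings report
            return
        if depth > max_depth or (global_seen and key in seen):
            return
        seen.add(key)
        entered += 1
        try:
            names = sorted(os.listdir(path))
        except OSError:
            return
        for name in names:
            child = os.path.join(path, name)
            if os.path.isdir(child):  # true for symlinks to directories
                visit(child, ancestors | {key}, depth + 1)

    visit(root, frozenset(), 0)
    return entered, cycles

def build_sample_tree(base, n):
    """Constructed sample: n directories, each with a symlink to every other."""
    for i in range(n):
        os.mkdir(os.path.join(base, f"dev{i}"))
    for i in range(n):
        for j in range(n):
            if i != j:
                os.symlink(os.path.join(base, f"dev{j}"),
                           os.path.join(base, f"dev{i}", f"peer{j}"))

def demo(n=5):
    # Directories entered: ancestor-only tracking vs. global tracking.
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base, n)
        return walk(base)[0], walk(base, global_seen=True)[0]
```

With five cross-linked directories, `demo()` returns `(326, 6)`: ancestor-only tracking enters 326 directories where only 6 distinct ones exist, and that count grows factorially with the number of links.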