search

OpenSCAP / scap-workbench

SCAP Scanner And Tailoring Graphical User Interface
https://www.open-scap.org/tools/scap-workbench
GNU General Public License v3.0
226 stars 65 forks source link

Can't use Scap Workbench to scan Windows hosts #136

Open Lishrackk opened 7 years ago

Lishrackk commented 7 years ago

I downloaded the current version of SCAP Workbench for Windows. Installed and then opened it as administrator and as non administrator. It immediately comes up with Open SCAP Security guide. I select Other Scap Content under (Select Content to load: and then click load Content. IO select my Windows 10 STIG (U_Windows_10_V1R8_STIG_SCAP_1-1_Benchmark-xccdf). The bench mark loads in correctly. It shows a list of rules. I select a profile of default. The Target for local Machine is greyed out and the Remote Machine (over SSH) is selected. It does not allow me to change the Target. The box I want to run the STIG against is the local host. I read the documentation and it says automatically runs against local host. I believe this is where I would select Fetch remote resources, however I have tried with and without any check marks selected. I click scan and I get the following error:

22:42:44 info
SCAP Workbench 1.1.5, compiled with Qt 4.8.7, using OpenSCAP 1.3.0

22:44:44 info
Opened file 'C:/Users/Lishr/Desktop/U_Windows_10_V1R8_STIG_SCAP_1-1_Benchmark-xccdf.xml'.

22:47:50 except
There was a problem setting up the scanner. There was a problem with OscapScannerRemoteSsh! You can only use source datastreams for scanning remotely! Remote scanning using plain XCCDF and OVAL files has not been implemented in SCAP Workbench yet.

Please help!

jan-cerny commented 7 years ago

@Lishrackk Thanks for contacting us. The problem is that we can't scan Windows machines, we can scan only Linux machines. The purpose of SCAP Workbench for Windows is only to scan remote Linux servers over network. The reason is that Windows probes aren't implemented at all.

Actually, we have received a lot of requests to support Windows scanning. I think it would be awesome if we work on that.

Lishrackk commented 7 years ago

Thank you for the quick response..  It appears you have most of the infrastructure already in place to run Windows STIGS.  You have the remote scan ability which I didn't get to play with yet! Wanted to ask  can you use A range to run against Vice individual IP's? You already have OVAL call backs and a options enabled.  The only thing would be ingesting this zip file from (http://iasecontent.disa.mil/stigs/zip/U_Windows_10_V1R8_STIG_SCAP_1-1_Benchmark.zip) under the Other Content and opening up the Local selection for testing.  Attached is the Benchmark with OVAL already there as well as the xccdf and dictionary files.

Please let me know what you think I really like your solution and would love to be able to use it for all of my clients.

matejak commented 6 years ago

Scans are accomplished by calling the executing the oscap scanner. Therefore, adapting oscap so it can scan Windows hosts is a prerequisity. This is a big project, so we can't expect this to happen any time soon: https://github.com/OpenSCAP/openscap/issues/195

tjackson78 commented 6 years ago

Any update on this?

mpreisler commented 6 years ago

@tjackson78 There is a lot of ongoing work on this by @jan-cerny

Check out https://github.com/OpenSCAP/openscap/projects/1