process58 probe fails on SLES 11 SP3

Hi All, I have discussed this in the OpenSCAP mailing list and this is confirmed to be an issue. Adding it here for tracking purpose. Below are details.

Thanks and regards, Pravin Goyal

Gautam told -

Unit tests in the make check for process58 fail and there is a segmentation fault. I haven't looked into the code there yet, but it is likely that it might not be tested on SUSE.

So, it looks like it has not been tested on SLES. Are unit tests on SLES for process58 passing? Here is the OVAL definition. This works perfect on RHEL machine but does not work on SLES. OpenSCAP version on SLES/RHEL machine is 1.2.5.

<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" 
                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                      xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" 
                      xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5"
                      xmlns:linux-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
                      xmlns:unix-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"   
                      xmlns:independent-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" 
                      xsi:schemaLocation="http://oval.mitre.org/XMLSchema/oval-definitions-5 oval-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-common-5 oval-common-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#independent independent-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#linux linux-definitions-schema.xsd http://oval.mitre.org/XMLSchema/oval-definitions-5#unix unix-definitions-schema.xsd">

  <generator>
    <oval:product_name>None</oval:product_name>
    <oval:product_version>None</oval:product_version>
    <oval:schema_version>5.11</oval:schema_version>
    <oval:timestamp>2016-04-04T01:31:55</oval:timestamp>
  </generator>

  <definitions>
    <definition id="oval:test-sles113.test.com:def:1" 
                 version="1" 
                 class="compliance">
                <metadata>
                         <title>Verify audit service is running</title>
                         <affected family="unix">
                                   <platform>cpe:/o:sles11:linux</platform>
                         </affected>
                         <description>This rule verifies that the 'auditd' service is running.</description>
                </metadata>
                <criteria  operator="AND" 
                            negate="false" 
                            comment="None">

                <criterion comment="None" 
                        test_ref="oval:test-sles113.test.com:tst:1" />
                                </criteria>
    </definition>
  </definitions>

  <tests>
         <process58_test         xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix"
                             id="oval:test-sles113.test.com:tst:1"
                             version="1"
                             check="all" 
                             comment="None"
                             check_existence="at_least_one_exists">
      <object               object_ref="oval:test-sles113.test.com:obj:1" />
    </process58_test>
  </tests>

  <objects>
    <process58_object         xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" 
                               id="oval:test-sles113.test.com:obj:1" 
                               version="1" 
                               comment="None">
      <command_line           datatype="string" operation="pattern match">.*auditd.*</command_line>
      <pid                    datatype="int" operation="greater than">0</pid>
    </process58_object>
  </objects>
</oval_definitions>

OpenSCAP / website

process58 probe fails on SLES 11 SP3 #184