modulogrc / modSIC

Modulo's Open Distributed SCAP Infrastructure Collector, or modSIC, makes it easier for security analysts to scan an environment for vulnerabilities based on OVAL-Definitions. It's an open-source service specialized in distributed network assessments.
http://www.modsic.com.br

Unix (Ubuntu 16.04) scans "unknown" when using independent tests #9

Open johnwallsARK opened 6 years ago

johnwallsARK commented 6 years ago

unix_display_login_banner2.txt

I am trying to run a quick test of a Unix target using an OVAL definition that uses independent.textfilecontent54 to test a UNIX system. The variables point to the correct path "/etc/issue" on the server. I have created a new test user, given it sudo permissions, tested SSHing in with that user, etc., and it works fine.

When I use the Console it does not prompt me for an SSH port; this seems to be tied to when the system detects a UNIX test explicitly in the OVAL definition. In the case of an independent test, there is no UNIX key to identify off of, so I THINK it is trying to scan as Windows.

Doing this scan results in "result='unknown'" in the test Result XML, as well as a lack of system characteristics being generated (flag="not collected"). I am uploading the XML as a TXT file so GitHub is happy.

luty81 commented 6 years ago

John, could you provide us with the oval_results XML file?