Martin,

I was able to run xccdf and oscan after editing the eap5-xccdf.xml file. I did comment out all '<platform idref="cpe:/a:redhat..' lines (5 lines in total).

java -jar xccdfexec.jar -result bla.xml --report bla.html --profile eap5_full -c eap5-cpe-oval.xml -C eap5-cpe-dictionary.xl -P eap5_full

Did run and asked me a lot's of questions. The same questions as can be found in the JBossEAP5_Guide.html document. Based on my answers it generated a few xml files. But am I mistaken or doesn't  xccdfexec cheeck anything?

Oscap did check some things by it self (by inspecting jboss xml files I supose). I run it with the following options:

oscap xccdf eval --results bla.xml --report bla.html --profile eap5-full -cpe eap5-cpe-dictionary.xml eap5-xccdf.xml


It generated the bla.html file and most of the checks were done. Previously I did check the Jboss by hand and I think oscap is not very meticulous. Some checks did get the passed status and I'm sure it should have failed.  Any comments on this/

I'm very unexperienced with xccdfexec and oscan and maybe I'm not using these tools correctly.

regards,

Ivan


On Tue, Apr 22, 2014 at 12:32 PM, Ivan Saez Scheihing <saezscheihing@gmail.com> wrote:
Martin,

Okay. thanks. I'll give it a try and let you know if it works.

regards,

Ivan




On Tue, Apr 22, 2014 at 12:30 PM, Martin Preisler <mpreisle@redhat.com> wrote:
----- Original Message -----
> From: "Ivan Saez Scheihing" <saezscheihing@gmail.com>
> To: "CAP Security Guide" <scap-security-guide@lists.fedorahosted.org>
> Sent: Sunday, April 20, 2014 1:51:59 PM
> Subject: oscap & jboss on Fedora
>
> Hi,
>
> I'n new to oscap/xccdf and am trying unleash it on a Jboss 5 installation
> (Jboss EAP 5 (5.1.2)). The original jboss installation runs on a RedHat 6
> server but I'm not allowed to install software on that server. I've copied
> the Jboss installation on a Fedora server and when I try to use xccdf I get
> the following error:
> !! The target checklist is not applicable to this platform. aborting....
> I'm not sure if it's refering to Fedora or Jboss. Any ideas?
>  The when I try oscap
> oscap xccdf evel --results bla.xml --report bla.html --profile eap5_full
> --cpe eap5-cpe-dictionary.xml eap5-xccdf.xml
>
> I get lot's of "not applicable" messages and the bla.html contains no
> meaningfull information.

If you insist on running it on this platform combination you need to remove all the <platform>..</platform> elements from the XCCDF.

--
Martin Preisler
_______________________________________________
scap-security-guide mailing list
scap-security-guide@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide