Hello Everyone,
I'm hoping you can help put me out of my misery!
I've taken the latest version of scap-security-guide
# git clone https://git.fedorahosted.org/git/scap-security-guide.git
And I've been trying to run "make content; make validate" on the RHEL/6 directory...
... if I do a fresh git clone and run it, it is successful and the validate completes ok.
...if i first go into the RHEL/6/input/checks/templates directory and run "make templates; make copy" ....and then run the "make content; make validate" it fails:
paul@myhost:/tmp/ssg3/scap-security-guide/RHEL/6> make validate oscap xccdf validate-xml output/ssg-rhel6-xccdf.xml oscap oval validate-xml output/ssg-rhel6-oval.xml oscap oval validate-xml output/ssg-rhel6-cpe-oval.xml cd output; ../utils/verify-references.py --rules-with-invalid-checks --ovaldefs-unused ssg-rhel6-xccdf.xml /tmp/ssg3/scap-security-guide/RHEL/6/output OVAL Check is not referenced by XCCDF: oval:ssg:def:556 make: *** [validate] Error 1
...this is a bug of some kind right?
Thanks!
Paul
Hello,
Just checking on the latest master, this is appearing to fail because the 'make templates' generates a file permission OVAL check for grub that is not in the XCCDF. The offending xml file is file_permissions_boot_grub_grub_conf.xml which if you `rm file_permissions_boot_grub_grub_conf.xml`. A bug issue can be filed here if so desired: https://github.com/OpenSCAP/scap-security-guide/issues
Just reading through the README doc under the templates directory, generally, you do not want to blindly run `make copy` as some of the checks most likely have been intentionally edited to add additional checks. Usually building from source, `make && make validate` (under the scap-security-guide or RHEL/6 directories) work best if you are just building from the latest source to run a scan. It just depends on what you are attempting to do. Are you generating OVAL content, or .....?
Gabe
On Wed, Sep 3, 2014 at 3:16 AM, Paul Urwin me@paulurwin.com wrote:
Hello Everyone,
I'm hoping you can help put me out of my misery!
I've taken the latest version of scap-security-guide
# git clone https://git.fedorahosted.org/git/scap-security-guide.git
And I've been trying to run "make content; make validate" on the RHEL/6 directory...
... if I do a fresh git clone and run it, it is successful and the validate completes ok.
...if i first go into the RHEL/6/input/checks/templates directory and run "make templates; make copy" ....and then run the "make content; make validate" it fails:
paul@myhost:/tmp/ssg3/scap-security-guide/RHEL/6> make validate oscap xccdf validate-xml output/ssg-rhel6-xccdf.xml oscap oval validate-xml output/ssg-rhel6-oval.xml oscap oval validate-xml output/ssg-rhel6-cpe-oval.xml cd output; ../utils/verify-references.py --rules-with-invalid-checks --ovaldefs-unused ssg-rhel6-xccdf.xml /tmp/ssg3/scap-security-guide/RHEL/6/output OVAL Check is not referenced by XCCDF: oval:ssg:def:556 make: *** [validate] Error 1
...this is a bug of some kind right?
Thanks!
Paul
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
Are there docs that explain step by step the build process for using source?
Greg Elin P: 917-304-3488 E: gregelin@gitmachines.com
Sent from my iPhone
On Sep 3, 2014, at 4:06 PM, Gabe Alford redhatrises@gmail.com wrote:
Hello,
Just checking on the latest master, this is appearing to fail because the 'make templates' generates a file permission OVAL check for grub that is not in the XCCDF. The offending xml file is file_permissions_boot_grub_grub_conf.xml which if you `rm file_permissions_boot_grub_grub_conf.xml`. A bug issue can be filed here if so desired: https://github.com/OpenSCAP/scap-security-guide/issuesJust reading through the README doc under the templates directory, generally, you do not want to blindly run `make copy` as some of the checks most likely have been intentionally edited to add additional checks. Usually building from source, `make && make validate` (under the scap-security-guide or RHEL/6 directories) work best if you are just building from the latest source to run a scan. It just depends on what you are attempting to do. Are you generating OVAL content, or .....?
Gabe
On Wed, Sep 3, 2014 at 3:16 AM, Paul Urwin me@paulurwin.com wrote: Hello Everyone,
I'm hoping you can help put me out of my misery!
I've taken the latest version of scap-security-guide
# git clone https://git.fedorahosted.org/git/scap-security-guide.git
And I've been trying to run "make content; make validate" on the RHEL/6 directory...
... if I do a fresh git clone and run it, it is successful and the validate completes ok.
...if i first go into the RHEL/6/input/checks/templates directory and run "make templates; make copy" ....and then run the "make content; make validate" it fails:
paul@myhost:/tmp/ssg3/scap-security-guide/RHEL/6> make validate oscap xccdf validate-xml output/ssg-rhel6-xccdf.xml oscap oval validate-xml output/ssg-rhel6-oval.xml oscap oval validate-xml output/ssg-rhel6-cpe-oval.xml cd output; ../utils/verify-references.py --rules-with-invalid-checks --ovaldefs-unused ssg-rhel6-xccdf.xml /tmp/ssg3/scap-security-guide/RHEL/6/output OVAL Check is not referenced by XCCDF: oval:ssg:def:556 make: *** [validate] Error 1
...this is a bug of some kind right?
Thanks!
Paul
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
Only thing I see is here: https://fedorahosted.org/scap-security-guide/wiki/becomeadeveloper Probably something that should be more robust and maybe either added to the fedorahosted wiki or github wiki.
Gabe
On Wed, Sep 3, 2014 at 3:04 PM, Greg Elin gregelin@gitmachines.com wrote:
Are there docs that explain step by step the build process for using source?
Greg Elin P: 917-304-3488 E: gregelin@gitmachines.com
Sent from my iPhone
On Sep 3, 2014, at 4:06 PM, Gabe Alford redhatrises@gmail.com wrote:
Hello,
Just checking on the latest master, this is appearing to failbecause the 'make templates' generates a file permission OVAL check for grub that is not in the XCCDF. The offending xml file is file_permissions_boot_grub_grub_conf.xml which if you `rm file_permissions_boot_grub_grub_conf.xml`. A bug issue can be filed here if so desired: https://github.com/OpenSCAP/scap-security-guide/issues
Just reading through the README doc under the templates directory, generally, you do not want to blindly run `make copy` as some of the checks most likely have been intentionally edited to add additional checks. Usually building from source, `make && make validate` (under the scap-security-guide or RHEL/6 directories) work best if you are just building from the latest source to run a scan. It just depends on what you are attempting to do. Are you generating OVAL content, or .....?
Gabe
On Wed, Sep 3, 2014 at 3:16 AM, Paul Urwin me@paulurwin.com wrote:
Hello Everyone,
I'm hoping you can help put me out of my misery!
I've taken the latest version of scap-security-guide
# git clone https://git.fedorahosted.org/git/scap-security-guide.git
And I've been trying to run "make content; make validate" on the RHEL/6 directory...
... if I do a fresh git clone and run it, it is successful and the validate completes ok.
...if i first go into the RHEL/6/input/checks/templates directory and run "make templates; make copy" ....and then run the "make content; make validate" it fails:
paul@myhost:/tmp/ssg3/scap-security-guide/RHEL/6> make validate oscap xccdf validate-xml output/ssg-rhel6-xccdf.xml oscap oval validate-xml output/ssg-rhel6-oval.xml oscap oval validate-xml output/ssg-rhel6-cpe-oval.xml cd output; ../utils/verify-references.py --rules-with-invalid-checks --ovaldefs-unused ssg-rhel6-xccdf.xml /tmp/ssg3/scap-security-guide/RHEL/6/output OVAL Check is not referenced by XCCDF: oval:ssg:def:556 make: *** [validate] Error 1
...this is a bug of some kind right?
Thanks!
Paul
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
On 9/3/14, 4:06 PM, Gabe Alford wrote:
Hello,
Just checking on the latest master, this is appearing to failbecause the 'make templates' generates a file permission OVAL check for grub that is not in the XCCDF. The offending xml file is file_permissions_boot_grub_grub_conf.xml which if you `rm file_permissions_boot_grub_grub_conf.xml`. A bug issue can be filed here if so desired: https://github.com/OpenSCAP/scap-security-guide/issues https://github.com/OpenSCAP/scap-security-guide/issues%20
Just reading through the README doc under the templates directory, generally, you do not want to blindly run `make copy` as some of the checks most likely have been intentionally edited to add additional checks. Usually building from source, `make && make validate` (under the scap-security-guide or RHEL/6 directories) work best if you are just building from the latest source to run a scan. It just depends on what you are attempting to do. Are you generating OVAL content, or .....?
pull request awaiting peer review @ https://github.com/OpenSCAP/scap-security-guide/pull/47
----- Original Message -----
From: "Shawn Wells" shawn@redhat.com To: scap-security-guide@lists.fedorahosted.org Sent: Thursday, September 4, 2014 5:34:01 AM Subject: Re: SCAP Security Guide - make validate fails after make templates run
On 9/3/14, 4:06 PM, Gabe Alford wrote:
Hello,
Just checking on the latest master, this is appearing to fail because the 'make templates' generates a file permission OVAL check for grub that is not in the XCCDF. The offending xml file is file_permissions_boot_grub_grub_conf.xml which if you `rm file_permissions_boot_grub_grub_conf.xml`. A bug issue can be filed here if so desired: https://github.com/OpenSCAP/scap-security-guide/issues
Just reading through the README doc under the templates directory, generally, you do not want to blindly run `make copy` as some of the checks most likely have been intentionally edited to add additional checks. Usually building from source, `make && make validate` (under the scap-security-guide or RHEL/6 directories) work best if you are just building from the latest source to run a scan. It just depends on what you are attempting to do. Are you generating OVAL content, or .....?
pull request awaiting peer review @ https://github.com/OpenSCAP/scap-security-guide/pull/47
Commented & ACKed & merged.
Thanks for the fix.
Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Technologies Team
-- SCAP Security Guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
scap-security-guide@lists.fedorahosted.org
-
Gabe Alford -
Greg Elin -
Jan Lieskovsky -
Paul Urwin -
Shawn Wells