Hi everyone,
My name is Graham (Willo) Williamson and I'm an employee of Northrop Grumman Australia. I'm currently being subcontracted back to very familiar ground, the Australian DoD. I'm one of those lucky people who are working in this latest cyber craze (like that'll last). :)
I was in the Royal Australian Air Force for about 14 years and got out to start "earning the big bucks" back in Mar 2011. For basically the last 6 and a bit years of my time in the Air Force, I was doing CND and some IA on various systems. I originally self-taught myself Linux on Fedora Core 2 and one of those big yellow Wiley 'Bible' series books and haven't looked back. Been a fan ever since.
I'm looking forward to getting involved and I am willing and able to contribute. Like a couple of the others on this list, git is definitely not my strong suit, but I'm using it daily at the moment and becoming more at one with the force with every passing day. Anyway, I've already joined the git group and Shawn's already hooked me up and approved my membership, so I'm very keen to crack on and get amongst it.
Cheers,
Willo
--
Graham Williamson
Welcome Willo!
Same boat with git, but you only learn by doing. :)
Leam
On 01/07/2014 05:06 AM, Graham Williamson wrote:
> Hi everyone,
> My name is Graham (Willo) Williamson and I'm an employee of Northrop Grumman Australia. I'm currently being subcontracted back to very familiar ground, the Australian DoD. I'm one of those lucky people who are working in this latest cyber craze (like that'll last). :)
> I was in the Royal Australian Air Force for about 14 years and got out to start "earning the big bucks" back in Mar 2011. For basically the last 6 and a bit years of my time in the Air Force, I was doing CND and some IA on various systems. I originally self-taught myself Linux on Fedora Core 2 and one of those big yellow Wiley 'Bible' series books and haven't looked back. Been a fan ever since.
> I'm looking forward to getting involved and I am willing and able to contribute. Like a couple of the others on this list, git is definitely not my strong suit, but I'm using it daily at the moment and becoming more at one with the force with every passing day. Anyway, I've already joined the git group and Shawn's already hooked me up and approved my membership, so I'm very keen to crack on and get amongst it.
> Cheers, Willo
> Graham Williamson
scap-security-guide mailing list scap-security-guide@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
Indeed -- welcome!
I've been on leave (and then ill), but I hope to make useful commits again soon...
On 1/8/14, 11:24 AM, Jeffrey Blank wrote:
> Indeed -- welcome!
> I've been on leave (and then ill), but I hope to make useful commits again soon...
still waiting on those useful commits, Jeff ;)
but really: how's the RHEL6 SNAC guide progressing? IIRC you'll be patch bombing us shortly with most welcome copy edits.
I'm not sure if this is the appropriate place to ask this, but I noticed that when I do a scan like the following:
oscap xccdf eval --profile Profile --results /tmp/scan-results.xml --report /tmp/scan-results.html --oval-results --cpe-dict /tmp/scap-cpe-dictionary.xml /tmp/scap-xccdf.xml
A file with the extension "-oval.xml.result.xml" gets created where the scan was launched. Since I run these in an automated fashion I don't want the file created in the location, so I omitted the --oval-results part. I still got the html and xml outputs, but the html lacks some of the information. For instance with oval-results in the eval command I get a table of files that have the permissions listed for one of the checks. Good information. If I omit the --oval-results, the table is not there. I've experimented with telling --oval-results where to put the file, but it doesn't seem to take. Is there any way to redirect the output somewhere else? Or get the extra information in an alternative fashion?
On Tue, 2014-01-07 at 12:10 -0700, joescap@mm.st wrote:
> I'm not sure if this is the appropriate place to ask this, but I noticed that when I do a scan like the following:
This appears to really be an open-scap question (open-scap-list@redhat.com), but we should be able to provide some guidance in the first place.
> oscap xccdf eval --profile Profile --results /tmp/scan-results.xml --report /tmp/scan-results.html --oval-results --cpe-dict /tmp/scap-cpe-dictionary.xml /tmp/scap-xccdf.xml
--cpe-dict is deprecated, you should be using --cpe if you're running a recent version of oscap. Run oscap -V and make sure you're running the latest version.
> to put the file, but it doesn't seem to take. Is there any way to redirect the output somewhere else? Or get the extra information in an alternative fashion?
I get the same results as well (openscap-0.9.12-1.el6.x86_64), not the very latest version. The man page for oscap doesn't specify an argument after the --oval-results option to specify a path to place those results. I also checked openscap-1.0.1-1.fc19.x86_64 (latest version) as well and it doesn't appear to specify an argument to the --oval-results either. So, it looks like an email to the open-scap mailing list or logging a feature request at https://fedorahosted.org/openscap/ will be your best bet.
Here is what I use:
oscap xccdf eval --profile stig-rhel6-server --results path_to_output_file --report path_to_output_file --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
So as long as it's a valid path you can do the following:
oscap xccdf eval --profile stig-rhel6-server --results /tmp/ssg-results.xml --report /tmp/ssg-report.xml --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
Hope this helps.
Christoper Kachigian Cyber Architect Sr. Staff
Lockheed Martin IS&SG 700 N. Frederick Road Gaithersburg MD 20879
O: 301-240-7709
On 1/7/14, 3:21 PM, "Graham Williamson" <graham@williamsonsinc.id.au> wrote:
> On Tue, 2014-01-07 at 12:10 -0700, joescap@mm.st wrote:
> > I'm not sure if this is the appropriate place to ask this, but I noticed that when I do a scan like the following:
> This appears to really be an open-scap question (open-scap-list@redhat.com), but we should be able to provide some guidance in the first place.
> > oscap xccdf eval --profile Profile --results /tmp/scan-results.xml --report /tmp/scan-results.html --oval-results --cpe-dict /tmp/scap-cpe-dictionary.xml /tmp/scap-xccdf.xml
> --cpe-dict is deprecated, you should be using --cpe if you're running a recent version of oscap. Run oscap -V and make sure you're running the latest version.
> > to put the file, but it doesn't seem to take. Is there any way to redirect the output somewhere else? Or get the extra information in an alternative fashion?
> I get the same results as well (openscap-0.9.12-1.el6.x86_64), not the very latest version. The man page for oscap doesn't specify an argument after the --oval-results option to specify a path to place those results. I also checked openscap-1.0.1-1.fc19.x86_64 (latest version) as well and it doesn't appear to specify an argument to the --oval-results either. So, it looks like an email to the open-scap mailing list or logging a feature request at https://fedorahosted.org/openscap/ will be your best bet.
On Tue, Jan 7, 2014, at 01:21 PM, Graham Williamson wrote:
> On Tue, 2014-01-07 at 12:10 -0700, joescap@mm.st wrote:
> > I'm not sure if this is the appropriate place to ask this, but I noticed that when I do a scan like the following:
> This appears to really be an open-scap question (open-scap-list@redhat.com), but we should be able to provide some guidance in the first place.
> > oscap xccdf eval --profile Profile --results /tmp/scan-results.xml --report /tmp/scan-results.html --oval-results --cpe-dict /tmp/scap-cpe-dictionary.xml /tmp/scap-xccdf.xml
> --cpe-dict is deprecated, you should be using --cpe if you're running a recent version of oscap. Run oscap -V and make sure you're running the latest version.
> > to put the file, but it doesn't seem to take. Is there any way to redirect the output somewhere else? Or get the extra information in an alternative fashion?
> I get the same results as well (openscap-0.9.12-1.el6.x86_64), not the very latest version. The man page for oscap doesn't specify an argument after the --oval-results option to specify a path to place those results. I also checked openscap-1.0.1-1.fc19.x86_64 (latest version) as well and it doesn't appear to specify an argument to the --oval-results either. So, it looks like an email to the open-scap mailing list or logging a feature request at https://fedorahosted.org/openscap/ will be your best bet.
Thanks. I'll follow up with the openscap list. I have a script (run via cron) that runs the oscap eval command and when oval-results is used it sticks the results file right off the / directory. I guess I can add a line or two in the script to cd into another directory, run the command and then clean up the file.
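The workaround described in the message above (change into another directory, run the scan, clean up), as an added shell example that is not part of the thread. `run_in_scratch` and `scan_to` are hypothetical helper names, the output directory is a placeholder, and the profile and content paths are the ones quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). With --oval-results, oscap drops a
# "*-oval.xml.result.xml" file into whatever directory the job started in.

# run_in_scratch CMD [ARGS...]
# Run CMD from a fresh private directory (mktemp -d creates it mode 0700 with
# an unpredictable name), then delete that directory and whatever CMD left
# in it. Returns CMD's exit status.
run_in_scratch() {
    ris_dir=$(mktemp -d "${TMPDIR:-/tmp}/oscap-scan.XXXXXX") || return 1
    ris_status=0
    # Subshell keeps the cd from changing the caller's working directory.
    ( cd "$ris_dir" && "$@" ) || ris_status=$?
    rm -rf -- "$ris_dir"
    return "$ris_status"
}

# scan_to OUTDIR
# Hypothetical wrapper around the command line quoted in the thread. OUTDIR
# must be absolute: a relative --results/--report path would resolve inside
# the scratch directory and be deleted with it.
scan_to() {
    case $1 in
        /*) ;;
        *) echo "scan_to: OUTDIR must be an absolute path" >&2; return 1 ;;
    esac
    # Exit status: 0 = all rules passed, 2 = scan completed but at least one
    # rule did not pass, 1 = the scan itself failed.
    run_in_scratch oscap xccdf eval --profile stig-rhel6-server \
        --results "$1/ssg-results.xml" \
        --report "$1/ssg-report.html" \
        --oval-results \
        --cpe /usr/share/xml/scap/ssg/content/ssg-rhel6-cpe-dictionary.xml \
        /usr/share/xml/scap/ssg/content/ssg-rhel6-xccdf.xml
}

# Example cron use (the path is a placeholder): scan_to /var/log/oscap
```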
In your automated fashion are you running from cron?
Regards,
Christoper Kachigian Cyber Architect Sr. Staff
Lockheed Martin IS&SG 700 N. Frederick Road Gaithersburg MD 20879
O: 301-240-7709
On 1/7/14, 2:10 PM, "joescap@mm.st" <joescap@mm.st> wrote:
> I'm not sure if this is the appropriate place to ask this, but I noticed that when I do a scan like the following:
> oscap xccdf eval --profile Profile --results /tmp/scan-results.xml --report /tmp/scan-results.html --oval-results --cpe-dict /tmp/scap-cpe-dictionary.xml /tmp/scap-xccdf.xml
> A file with the extension "-oval.xml.result.xml" gets created where the scan was launched. Since I run these in an automated fashion I don't want the file created in the location, so I omitted the --oval-results part. I still got the html and xml outputs, but the html lacks some of the information. For instance with oval-results in the eval command I get a table of files that have the permissions listed for one of the checks. Good information. If I omit the --oval-results, the table is not there. I've experimented with telling --oval-results where to put the file, but it doesn't seem to take. Is there any way to redirect the output somewhere else? Or get the extra information in an alternative fashion?