On 12/7/12 11:31 AM, Rodrian, Logan P (IS) wrote:
Attached are 4 CSV files, per your request. Their contents are as
follows:
Bugs - Errors/inconsistencies with reporting or remediation
BrokenRemediation - Remediation fixes that do not perform what is described
AuditFalsePositivesPre - Audit report failures, pre-remediation, that incorrectly report
failure (check portion incorrectly discovering status of checked object)
AuditFalsePositivesPost - Audit report failures, post-remediation, that incorrectly
report failure (check portion incorrectly discovering status of checked object)
I believe most of these fall into your category (2), as there is an issue with the code
performing work.
Please let me know what additional information is needed/required.
I had a chance to step through your spreadsheet.
Many of these are bugs within the OVAL (checking) content of the SCAP
Security Guide. I've created a number of tickets for these, located here:
https://fedorahosted.org/scap-security-guide/report/3
The remaining items on your "REMEDIATE - Broken" and "Bugs" tab appear
to be originating from the Aqueduct remediation scripts.