Using openscap for scanning Windows #1280
Comments
|
@bgoyal I think you can, but it's "experimental" still. |
|
Does work using the Issue #1175 I referenced. Download OpenSCAP MSI here List of Releases: https://github.com/OpenSCAP/openscap/releases/ Run oscap.exe with -h for some decent documentation on the commands Note, you'll have to pass it a file that has the "rules" you want to check against. Example, use the xccdf file inside the zip archive here: http://iasecontent.disa.mil/stigs/zip/U_Windows_10_V1R8_STIG_SCAP_1-1_Benchmark.zip Example command line to run using that file: C:\Program Files (x86)\OpenSCAP 1.3.0>oscap xccdf eval C:\Users\username\Downloads\U_Windows_10_V1R8_STIG_SCAP_1-1_Benchmark\U_Windows_10_V1R8_STIG_SCAP_1-1_Benchmark-xccdf.xml |
|
Does that answer your question, @bgoyal ? |
|
@aaronk1 Is there a list of supported windows OS's? I have 1.3.0 installed on a Windows 2008 R2 server and the exe just crashes. |
|
@aaronk1 Hi Thanks |
|
@instigardo the |
|
@redhatrises can you tell me where can i get the content file for Windows Server 2012 R2? |
|
@instigardo there is not separate fix content for XCCDF. It should be embedded in the XCCDF file itself under the |
|
@peruzzijl It looks like you issue is related to #1335. Otherwise this issue is mostly related to the content, and we do not provide any content for Windows OS. Please join #1335 if you have any additional information about the crash. |
|
Please don't use closed issues unless you know that issue is definitely related to your problem. It looks like it does not. Please create new issue and add there as much information as you could: fill the template and add scanner output (preferably also with |
|
Hi team...what command should i run to generate a report ???? btw is there any way to fix findings???? thx in davance for your help.... |
I would try adding "--report "FileName.txt"" Are you using oscap to verify your security implementation? |
|
yes we are trying to use openscap for HCs Windows servers...any idea if someelse have this already implemented....???? thx in advance!!!! |
|
btw --report switch is not working..seems this is the error.... C:\Program Files (x86)\OpenSCAP 1.3.4>oscap xccdf eval U_MS_Windows_Server_2019_V1R3_STIG_SCAP_1-2_Benchmark.xml --report report.txt |
|
you need to provide all the options before OpenSCAP expects that the last element in the command line is the benchmark in this case. OpenSCAP has a rusty argparsing |
|
what is the way to create a custom profile for windows in order to not just check but remediate?? any recipe you are using...thx 4 your help!!!! |
|
did anyone try to use this up benchmark with a custom profile and a tailoring file? if so pls can you let us know how to run ..i`ve tried this but not working so far... oscap xccdf eval --report test.html --profile xccdf_mil.disa.stig_profile_MAC-1_Classified_customized_DAZ --tailoring-file tailoring-xccdf.xml U_MS_Windows_Server_2019_V1R3_STIG_SCAP_1-2_Benchmark.xml |
|
anyone knows how to add more seetings this benchmark?????? Regards!!! |
@daz2712 I believe the only type of remediation supported for Windows at the moment would be the SCE. But this engine support is not available in latest OpenSCAP windows build, you would have to use an older version probably (1.2.x).
What's exactly the output here?
What do you mean by If you still have doubts and questions, I encourage you to create a new issue and put as much information as you can, files, outputs, etc as you can so we can have a clear understanding of your problem. Regards. |
|
No such module: --report |
I think you need to pass
|
Hello Everyone,
I'm new to openscap. Hence apologize a novice question. I see a project on adding support for scanning Windows targets using openscap. What's the latest status of this project? Can someone use openscap to scan a Windows host? What Windows OSes are planned to be supported?
Best,
BG.
The text was updated successfully, but these errors were encountered: