oval results missing in html results for many sysctl checks #954
Comments
Thanks for reporting this. I think it is also related to #916. It seems to me that our HTML generator ignores the extended definitions completely.
jan-cerny added a commit to jan-cerny/openscap that referenced this issue on Jan 19, 2018
If an OVAL definition was extended using 'extend_definition', there were no details shown in the HTML report for the referenced definition(s). This commit adds OVAL details for the extended definition to HTML report. Fixes OpenSCAP#916, OpenSCAP#954.
jan-cerny added a commit to jan-cerny/openscap that referenced this issue on Jun 10, 2019
If an OVAL definition was extended using 'extend_definition', there were no details shown in the HTML report for the referenced definition(s). This commit adds OVAL details for the extended definition to HTML report. Fixes OpenSCAP#916, OpenSCAP#954.
Fixed by #1350
Description of problem:
Running oscap xccdf eval with the following command line results in missing oval results for some checks:
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_nist-800-171-cui --oval-results --report remote-report.html /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
This happens whether the checks pass or fail.
The checks with no oval results are:
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_send_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_send_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_source_route
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_secure_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_log_martians
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_log_martians
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_source_route
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_secure_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_echo_ignore_broadcasts
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_ignore_bogus_error_responses
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_tcp_syncookies
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_rp_filter
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_rp_filter
xccdf_org.ssgproject.content_rule_sysctl_kernel_ipv6_disable
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_source_route
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_ra
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_source_route
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_forwarding
SCAP Security Guide Version:
scap-security-guide-0.1.37-1.el7.centos.noarch
Operating System Version:
CentOS Linux release 7.4.1708 (Core)
Steps to Reproduce:
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_nist-800-171-cui --oval-results --report remote-report.html /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
Actual Results:
Oval results are listed in html file for all checks except the ones listed above
Expected Results:
Oval results are listed in html file for all checks
Additional Information/Debugging Steps:
This appears to be occurring because the checks consist entirely of extended definitions.
Related: #953
I'm not sure now whether that RFE should actually be 2 RFEs, one for AND/OR logic, and a second one for extended definitions.
I would think it would make sense to fix both of the issues at the same time though since they likely involve the same code path.
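The condition named in the report, a definition whose criteria consist entirely of extended definitions, can be checked against OVAL content directly to predict which rules are affected. The following is an added example, not part of the original issue or of OpenSCAP's code; the function name `extend_only_definitions` is hypothetical, and the sample document with its `oval:example:*` ids is constructed.

```python
import xml.etree.ElementTree as ET

OVAL_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"d": OVAL_NS}

# Constructed sample, not taken from SSG content; all ids are hypothetical.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <definitions>
  <definition id="oval:example:def:1" class="compliance" version="1">
   <criteria operator="AND">
    <extend_definition definition_ref="oval:example:def:2" comment="static config"/>
    <criteria operator="OR">
     <extend_definition definition_ref="oval:example:def:3" comment="runtime value"/>
    </criteria>
   </criteria>
  </definition>
  <definition id="oval:example:def:2" class="compliance" version="1">
   <criteria><criterion test_ref="oval:example:tst:2" comment="sysctl.conf"/></criteria>
  </definition>
  <definition id="oval:example:def:3" class="compliance" version="1">
   <criteria>
    <criterion test_ref="oval:example:tst:3" comment="kernel runtime"/>
    <extend_definition definition_ref="oval:example:def:2"/>
   </criteria>
  </definition>
 </definitions>
</oval_definitions>"""


def extend_only_definitions(oval_xml):
    """Map each definition whose criteria tree has no <criterion> leaf,
    only <extend_definition> references, to the ids it references."""
    root = ET.fromstring(oval_xml)
    found = {}
    # iter() also finds definitions embedded deeper, e.g. inside a data stream
    for definition in root.iter(f"{{{OVAL_NS}}}definition"):
        # ".//" descends into nested <criteria> groups as well
        criteria_leaves = definition.findall(".//d:criterion", NS)
        extends = definition.findall(".//d:extend_definition", NS)
        if extends and not criteria_leaves:
            found[definition.get("id")] = [e.get("definition_ref") for e in extends]
    return found


if __name__ == "__main__":
    for def_id, refs in extend_only_definitions(SAMPLE).items():
        print(def_id, "->", ", ".join(refs))
```

Definitions that mix a `criterion` with an `extend_definition` (like the third one in the sample) are not reported, since the issue describes only checks built entirely from extended definitions.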