Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oval results missing in html results for many sysctl checks #954

Closed
ghost opened this issue Jan 12, 2018 · 2 comments
Closed

oval results missing in html results for many sysctl checks #954

ghost opened this issue Jan 12, 2018 · 2 comments

Comments

@ghost
Copy link

ghost commented Jan 12, 2018

Description of problem:

Running oscap xccdf eval with the following command line results in missing oval results for some checks:
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_nist-800-171-cui --oval-results --report remote-report.html /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

This happens whether the checks pass or fail.

The checks with no oval results are:
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_send_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_send_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_ip_forward
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_source_route
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_accept_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_secure_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_log_martians
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_log_martians
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_source_route
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_accept_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_secure_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_echo_ignore_broadcasts
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_icmp_ignore_bogus_error_responses
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_tcp_syncookies
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_all_rp_filter
xccdf_org.ssgproject.content_rule_sysctl_net_ipv4_conf_default_rp_filter

xccdf_org.ssgproject.content_rule_sysctl_kernel_ipv6_disable
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_source_route
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_ra
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_ra
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_accept_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_redirects
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_default_accept_source_route
xccdf_org.ssgproject.content_rule_sysctl_net_ipv6_conf_all_forwarding

SCAP Security Guide Version:

scap-security-guide-0.1.37-1.el7.centos.noarch

Operating System Version:

CentOS Linux release 7.4.1708 (Core)

Steps to Reproduce:

  1. oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_nist-800-171-cui --oval-results --report remote-report.html /usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml

Actual Results:

Oval results are listed in html file for all checks except the ones listed above

Expected Results:

Oval results are listed in html file or all checks

Addition Information/Debugging Steps:

This appears to be occurring because the checks consist entirely of extended definitions.

Related: #953

I'm not sure now whether that RFE should actually be 2 RFE, one for AND/OR logic, and a second one for extended definitions.

I would think it would make sense to fix both of the issues at the same time though since they likely involve the same code path.
@jan-cerny
Copy link
Member

Thanks for reporting this.

I think it is also related to #916

It seems to me that our HTML generator ignores the extended definitions completely.

jan-cerny added a commit to jan-cerny/openscap that referenced this issue Jan 19, 2018
@jan-cerny
Show OVAL details for extend_definition
b39bd98 
If an OVAL definition was extended using 'extend_definition', there were
no details shown in the HTML report for the refereced definition(s).
This commit adds OVAL details for the extended definition to HTML report.
Fixes OpenSCAP#916, OpenSCAP#954.
@jan-cerny jan-cerny mentioned this issue Jan 19, 2018
Closed
2 tasks
jan-cerny added a commit to jan-cerny/openscap that referenced this issue Jun 10, 2019
@jan-cerny
Show OVAL details for extend_definition
3ac047e 
If an OVAL definition was extended using 'extend_definition', there were
no details shown in the HTML report for the refereced definition(s).
This commit adds OVAL details for the extended definition to HTML report.
Fixes OpenSCAP#916, OpenSCAP#954.
@jan-cerny
Copy link
Member

Fixed by #1350

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jan-cerny