openscap
IOSXE Definitions file reported as invalid
Description of Problem:
Trying to analyse a system characteristics file (generated by a 3rd party) returns an error that IOSxe is not supported
I am using the iosxe.xml from: https://oval.cisecurity.org/repository/download
OpenSCAP Version:
# oscap -V
OpenSCAP command line tool (oscap) 1.3.3
Copyright 2009--2020 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ====
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1
==== Capabilities added by auto-loaded plugins ====
SCE Version: 1.0 (from libopenscap_sce.so.25)
==== Paths ====
Schema files: /usr/local/share/openscap/schemas
Default CPE files: /usr/local/share/openscap/cpe
==== Inbuilt CPE names ====
Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux
Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5
Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7
Red Hat Enterprise Linux 8 - cpe:/o:redhat:enterprise_linux:8
Oracle Linux 5 - cpe:/o:oracle:linux:5
Oracle Linux 6 - cpe:/o:oracle:linux:6
Oracle Linux 7 - cpe:/o:oracle:linux:7
Oracle Linux 8 - cpe:/o:oracle:linux:8
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
Scientific Linux 5 - cpe:/o:scientificlinux:scientificlinux:5
Scientific Linux 6 - cpe:/o:scientificlinux:scientificlinux:6
Scientific Linux 7 - cpe:/o:scientificlinux:scientificlinux:7
Fedora 16 - cpe:/o:fedoraproject:fedora:16
Fedora 17 - cpe:/o:fedoraproject:fedora:17
Fedora 18 - cpe:/o:fedoraproject:fedora:18
Fedora 19 - cpe:/o:fedoraproject:fedora:19
Fedora 20 - cpe:/o:fedoraproject:fedora:20
Fedora 21 - cpe:/o:fedoraproject:fedora:21
Fedora 22 - cpe:/o:fedoraproject:fedora:22
Fedora 23 - cpe:/o:fedoraproject:fedora:23
Fedora 24 - cpe:/o:fedoraproject:fedora:24
Fedora 25 - cpe:/o:fedoraproject:fedora:25
Fedora 26 - cpe:/o:fedoraproject:fedora:26
Fedora 27 - cpe:/o:fedoraproject:fedora:27
Fedora 28 - cpe:/o:fedoraproject:fedora:28
Fedora 29 - cpe:/o:fedoraproject:fedora:29
Fedora 30 - cpe:/o:fedoraproject:fedora:30
Fedora 31 - cpe:/o:fedoraproject:fedora:31
Fedora 32 - cpe:/o:fedoraproject:fedora:32
Fedora 33 - cpe:/o:fedoraproject:fedora:33
SUSE Linux Enterprise all versions - cpe:/o:suse:sle
SUSE Linux Enterprise Server 10 - cpe:/o:suse:sles:10
SUSE Linux Enterprise Desktop 10 - cpe:/o:suse:sled:10
SUSE Linux Enterprise Server 11 - cpe:/o:suse:linux_enterprise_server:11
SUSE Linux Enterprise Desktop 11 - cpe:/o:suse:linux_enterprise_desktop:11
SUSE Linux Enterprise Server 12 - cpe:/o:suse:sles:12
SUSE Linux Enterprise Desktop 12 - cpe:/o:suse:sled:12
openSUSE 11.4 - cpe:/o:opensuse:opensuse:11.4
openSUSE 13.1 - cpe:/o:opensuse:opensuse:13.1
openSUSE 13.2 - cpe:/o:opensuse:opensuse:13.2
openSUSE 42.1 - cpe:/o:novell:leap:42.1
openSUSE Leap 42.1 - cpe:/o:opensuse:leap:42.1
openSUSE 42.2 - cpe:/o:novell:leap:42.2
openSUSE Leap 42.2 - cpe:/o:opensuse:leap:42.2
openSUSE Leap 42.3 - cpe:/o:opensuse:leap:42.3
openSUSE Leap 15.0 - cpe:/o:opensuse:leap:15.0
openSUSE All Versions - cpe:/o:opensuse:opensuse
Red Hat Enterprise Linux Optional Productivity Applications - cpe:/a:redhat:rhel_productivity
Red Hat Enterprise Linux Optional Productivity Applications 5 - cpe:/a:redhat:rhel_productivity:5
Wind River Linux all versions - cpe:/o:windriver:wrlinux
Wind River Linux 8 - cpe:/o:windriver:wrlinux:8
Wind River Linux 1019 - cpe:/o:windriver:wrlinux:1019
Microsoft Windows 7 - cpe:/o:microsoft:windows_7
Microsoft Windows 8 - cpe:/o:microsoft:windows_8
Microsoft Windows 8.1 - cpe:/o:microsoft:windows_8.1
Microsoft Windows 10 - cpe:/o:microsoft:windows_10
Microsoft Windows Server 2008 - cpe:/o:microsoft:windows_server_2008
Microsoft Windows Server 2012 - cpe:/o:microsoft:windows_server_2012
Microsoft Windows Server 2016 - cpe:/o:microsoft:windows_server_2016
==== Supported OVAL objects and associated OpenSCAP probes ====
OVAL family OVAL object OpenSCAP probe
---------- ---------- ----------
independent environmentvariable probe_environmentvariable
independent environmentvariable58 probe_environmentvariable58
independent family probe_family
independent filehash probe_filehash
independent filehash58 probe_filehash58
independent system_info probe_system_info
independent textfilecontent probe_textfilecontent
independent textfilecontent54 probe_textfilecontent54
independent variable probe_variable
independent xmlfilecontent probe_xmlfilecontent
independent yamlfilecontent probe_yamlfilecontent
linux dpkginfo probe_dpkginfo
linux iflisteners probe_iflisteners
linux inetlisteningservers probe_inetlisteningservers
linux partition probe_partition
linux rpminfo probe_rpminfo
linux rpmverify probe_rpmverify
linux rpmverifyfile probe_rpmverifyfile
linux rpmverifypackage probe_rpmverifypackage
linux selinuxboolean probe_selinuxboolean
linux selinuxsecuritycontext probe_selinuxsecuritycontext
linux systemdunitdependency probe_systemdunitdependency
linux systemdunitproperty probe_systemdunitproperty
unix dnscache probe_dnscache
unix file probe_file
unix fileextendedattribute probe_fileextendedattribute
unix gconf probe_gconf
unix interface probe_interface
unix password probe_password
unix process probe_process
unix process58 probe_process58
unix routingtable probe_routingtable
unix runlevel probe_runlevel
unix shadow probe_shadow
unix symlink probe_symlink
unix sysctl probe_sysctl
unix uname probe_uname
unix xinetd probe_xinetd
Operating System & Version:
Linux Debian 10.0
Steps to Reproduce:
- Generate a System Characteristics file for ios
- Ask oscap to analyse it
Actual Results:
# /usr/bin/oscap oval analyse --verbose DEVEL --result /tmp/results-1-1-192.168.15.125-22.xml iosxe.xml /tmp/system-characteristics-1-192.168.15.125-22.xml
I: oscap: Identified document type: oval_definitions [oscap(16387):oscap(7f09a1960d40):doc_type.c:96:oscap_determine_document_type_reader]
D: oscap: Validating OVAL Definition (5.11.2) document from iosxe.xml. [oscap(16387):oscap(7f09a1960d40):oscap_source.c:343:oscap_source_validate]
I: oscap: Identified document type: oval_system_characteristics [oscap(16387):oscap(7f09a1960d40):doc_type.c:96:oscap_determine_document_type_reader]
D: oscap: Validating OVAL System Characteristics (5.10.1) document from /tmp/system-characteristics-1-192.168.15.125-22.xml. [oscap(16387):oscap(7f09a1960d40):oscap_source.c:343:oscap_source_validate]
W: oscap: Unknown OVAL family: iosxe [oscap(16387):oscap(7f09a1960d40):oval_enumerations.c:408:oval_family_parse]
Failed to import the OVAL Definitions from 'iosxe.xml'.
OpenSCAP Error: Unknown test type oval:org.cisecurity:tst:9103. [/root/openscap-1.3.3/src/OVAL/oval_test.c:395]
Expected Results:
Analyse the system characteristics and return the results
Additional Information / Debugging Steps:
I think it may be related to:
OVAL System Characteristics (5.10.1)
Being the characteristics file
I tried changing the system characteristics file to support, didn't seem to help:
OVAL System Characteristics (5.11.2)
OpenSCAP internals are currently not aware of iosxe.
IOS and IOSXE are almost identical
How can I help to get this working?
On Mon, 31 Aug 2020 at 12:07, Evgeny Kolesnikov wrote:
> OpenSCAP internals are currently not aware of iosxe.
Thanks, Noam Rathaus
> How can I help to get this working?
Well, by going through the source code of the scanner (following the ios-specific parts of the code) and creating a PR with mirroring changes for iosxe. It would probably only require adding some enum members and string constants.
I will try
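A pre-flight check for the failure discussed in this thread, added here as an example and not part of the original issue or of OpenSCAP: it reads the OVAL family of each test from its XML namespace and reports families that have no row in the `oscap -V` probe table. The function names and the sample XML are constructed for illustration; a missing probe row is a hint, not proof, that the parser will reject the family.

```python
import xml.etree.ElementTree as ET
from collections import Counter

OVAL_DEF_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"

# Excerpt of the `oscap -V` probe table quoted in the report above.
OSCAP_V_EXCERPT = """\
==== Supported OVAL objects and associated OpenSCAP probes ====
OVAL family OVAL object OpenSCAP probe
---------- ---------- ----------
independent family probe_family
unix file probe_file
"""

# Constructed OVAL definitions fragment (not taken from iosxe.xml).
SAMPLE_DEFINITIONS = """\
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
  <tests>
    <version_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#iosxe" id="oval:example:tst:1" version="1" check="all" comment="constructed"/>
    <family_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:example:tst:2" version="1" check="all" comment="constructed"/>
  </tests>
</oval_definitions>
"""

def supported_families(oscap_v_output):
    """Collect family names from the probe table rows of `oscap -V`."""
    families = set()
    for line in oscap_v_output.splitlines():
        cols = line.split()
        # Data rows have exactly three columns and end in a probe name.
        if len(cols) == 3 and cols[2].startswith("probe_"):
            families.add(cols[0])
    return families

def families_used(definitions_xml):
    """Count tests per OVAL family, read from each test's namespace URI."""
    root = ET.fromstring(definitions_xml)
    counts = Counter()
    tests = root.find(f"{{{OVAL_DEF_NS}}}tests")
    for test in (tests if tests is not None else []):
        ns = test.tag[1:].split("}", 1)[0] if test.tag.startswith("{") else ""
        if ns.startswith(OVAL_DEF_NS + "#"):
            counts[ns.split("#", 1)[1]] += 1
    return counts

def families_without_probe(definitions_xml, oscap_v_output):
    """Families used by the content that have no row in the probe table."""
    known = supported_families(oscap_v_output)
    return {f: n for f, n in families_used(definitions_xml).items() if f not in known}
```

Run against real content by passing the text of the definitions file and the captured output of `oscap -V` to `families_without_probe`.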