openscap icon indicating copy to clipboard operation
openscap copied to clipboard

Published 20 hours ago verified publisher icon OpenSCAP

Issues with OVAL test results details in the HTML report

Open jnmatlock opened this issue 4 years ago • 1 comments

Description of Problem:

OVAL test results showing incorrect value (false/fail) for the following Rule IDs after running rhel8-playbook-stig.yml.

  1. Rule ID: xccdf_org.ssgproject.content_rule_banner_etc_issue OVAL Definition ID: oval:ssg-banner_etc_issue:def:1 Modify the System Login Banner

  2. Rule ID: xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy OVAL Definition ID: oval:ssg-configure_openssl_crypto_policy:def:1 Configure OpenSSL library to use System Crypto Policy

  3. Rule ID: xccdf_org.ssgproject.content_rule_audit_ospp_general OVAL Definition ID: oval:ssg-audit_ospp_general:def:1 Perform general configuration of Audit for OSPP

OpenSCAP Version:

1.3.2

Operating System & Version:

RHEL 8.2 with Draft DISA STIG

Steps to Reproduce:

  1. Download scap-security-guide package
  2. Run rhel8-playbook-stig.yml
  3. Run oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --report /tmp/oscap-report.html --fetch-remote-resources /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml

Note: Also ran playbooks individually, still receiving the same results in the HTML report

Actual Results:

Modify the System Login Banner

login_banner_oval_test_html

login_banner_etc_issue

Configure OpenSSL library to use System Crypto Policy

openssl_crypto_policy_oval_test_html

openssl_crypto_policy_issue

Perform general configuration of Audit for OSPP

audit_ospp_general_oval_test_html

audit_ospp_general_oval_test_html_2

audit_ospp_general_issue

Expected Results:

Each of the following should show up with status pass.

  1. Rule ID: xccdf_org.ssgproject.content_rule_banner_etc_issue OVAL Definition ID: oval:ssg-banner_etc_issue:def:1 Modify the System Login Banner

  2. Rule ID: xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy OVAL Definition ID: oval:ssg-configure_openssl_crypto_policy:def:1 Configure OpenSSL library to use System Crypto Policy

  3. Rule ID: xccdf_org.ssgproject.content_rule_audit_ospp_general OVAL Definition ID: oval:ssg-audit_ospp_general:def:1 Perform general configuration of Audit for OSPP

Additional Information / Debugging Steps:

The STIG playbook and the recommended remediation playbook run with no issues.

jnmatlock avatar Nov 12 '20 16:11 jnmatlock

@jan-cerny, @yuumasato, @ggbecker My first impression is that it belongs to CaC.

evgenyz avatar Nov 13 '20 08:11 evgenyz