OpenSCAP
oscap xccdf generate report errors for STIG Ansible Role XCCDF output
Description of Problem:
How do I view the results of a DISA Ansible Role XCCDF output with oscap?
Red Hat Enterprise Linux 8 STIG for Ansible - Ver 1, Rel 5 claims it generates XCCDF results.
Yet oscap xccdf generate report xccdf-results.xml where the file argument is the output of ansible-playbook invoking the Role generates an error.
OpenSCAP Version:
OpenSCAP command line tool (oscap) 1.3.5
Operating System & Version:
RHEL 8.5
Steps to Reproduce:
- Run Ansible role for Red Hat Enterprise Linux 8 STIG for Ansible - Ver 1, Rel 5 from a control node against a target host in
--checkmode - Save xccdf-results.xml ouptut
- Run
oscap xccdf generate report xccdf-results.xml
Actual Results:
$ oscap xccdf generate report xccdf-results.xml
No cdf:Benchmark ID specified and no suitable candidate has been autodetected.
OpenSCAP Error:: Could not apply XSLT /usr/share/openscap/xsl/xccdf-report.xsl to XML file: xccdf-results.xml [/builddir/build/BUILD/openscap-1.3.5/src/source/xslt.c:178]
Expected Results:
Produce HTML output
OpenSCAP needs to have a full benchmark in order to process the results file. The generated xccdf-report only contains the TestResult information.
I believe you can import this into the STIG Viewer application provided by DISA (only works with Oracle Java):
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_STIGViewer_2-16.zip
from this page: https://public.cyber.mil/stigs/srg-stig-tools/
