openscap icon indicating copy to clipboard operation
openscap copied to clipboard

verified publisher icon OpenSCAP

Metadata

NIST Certified SCAP 1.2 toolkit

Results 185 openscap issues
Sort by recently updated
recently updated
newest added

Checklist and ARF results not accepted by DISA STIG Viewer, STIG Manager, OpenRMF or Heimdall2

7 comment

I'm wondering if I'm doing something wrong, but with "confirmation" that 3 of these tools don't like the results produced by `oscap` I feel pretty confident it's not me (?)...

gmisura avatar gmisura

Some remediations fail to run in oscap-im

Some remediations fail to complete and terminate prematurely when `oscap` is run as a part of `oscap-im` command. For example, remediation for `accounts_passwords_pam_faillock_dir` fails with: ``` /tmp/oscap.sApNOh/fix-XXOud2ao: line 124: semanage:...

jan-cerny avatar jan-cerny

oscap-docker error on AmazonLinux 2023 scan: W: oscap: Requested offline mode is not supported by uname probe

Hi, When trying to run the following to perform compliance scan in Alpine docker host against a AmazonLinux 2023 docker image `oscap-docker image public.ecr.aws/amazonlinux/amazonlinux:2023 xccdf eval \ --profile xccdf_org.ssgproject.content_profile_cis --results...

ss107-github avatar ss107-github

No way to change sce script location from /tmp/oscap.XXXXX (regression?)

oscap version: 1.3.10 Due to compliance reasons, our /tmp is non-executable, and as far as we can find there is no way to change the SCE script directory. This breaks...

gitbugr avatar gitbugr

Image Mode

tests: Don't set -e for compound tests managed by test_run

2 comment

The `test_run` wrapper should handle all return codes, we don't want to bail out early. Fixes: https://github.com/OpenSCAP/openscap/issues/2110

evgenyz avatar evgenyz

Support for OVAL 5.12

3 comment

#### Description of Problem: In 2024-12-04 we got the publication of OVAL 5.12 https://oval-community-guidelines.readthedocs.io/en/5.11.2_release/ Do we want to add support for it or do we wait for OVAL 6.0 and...

dodys avatar dodys

oscap 1.3.9 coredumps while processing the latest Ubuntu 24.04 compliance control file

6 comment

#### Description of Problem: While running the latest [Ubuntu 24.04 XCCDF](https://github.com/ComplianceAsCode/content/blob/master/controls/cis_ubuntu2404.yml) file, the oscap command fails with a core dump. The last message seen is: ``` oscap: ./src/XCCDF_POLICY/xccdf_policy.c:627: xccdf_policy_is_item_selected: Assertion...

bhattisatish avatar bhattisatish

portability

Proposal: Reduce memory requirements for generating results by offering a reduced intermediate results file

#### Description of Problem: Today with containerisation of systems and/or applications there's very low memory available for running oscap. Hello cgroups, docker, lxc, lxd, incus, kubernetes, etc. Most OVAL definitions...

dionysius avatar dionysius

oscap-ssh fails if remote sudo has NOEXEC

The sudo `noexec` configuration option prevents oscap-ssh from running with the `--sudo` option. From `sudoers(5)` manual: > sudo's noexec functionality can be used to prevent a program run by sudo...

pguillier avatar pguillier

oscap-docker evalluates all rules as notapplicable in redhat STIG

### Description of Problem: Seems to similar to https://github.com/OpenSCAP/openscap/issues/1942. When scanning a redhat container image (like ubi8 and ubi9) using oscap-docker, all rules are evaluated as notapplicable. ### OpenSCAP Version:...

ben-dov avatar ben-dov

Metadata

1.3k
Stars
361
Forks
Watchers

Owner

verified publisher icon OpenSCAP

Metadata

NIST Certified SCAP 1.2 toolkit

Back