Hi - I’m running the OpenSCAP STIG profile on a new CentOS 7.1611 installation,
and I get a few failures that look like this (output from openscap scan
—verbosity INFO). I suspect this is because the openscap module is not
accepting CentOS 7 as RHEL 7 for rules purposes, despite an early check for
"Community Enterprise Operating System 7” which succeeds.
1. Am I correct in why it’s failing?
2. Is this a bug, or an accepted behavior given that CentOS isn’t actually RHEL?
Noam
I: oscap: Evaluating XCCDF rule 'accounts_password_pam_retry'.
I: oscap: Evaluating definition 'oval:org.open-scap.cpe.rhel:def:7': Red Hat
Enterprise Linux 7.
I: oscap: Definition 'oval:org.open-scap.cpe.rhel:def:7' evaluated as false.
I: oscap: Evaluating definition 'oval:org.open-scap.cpe.rhel:def:1007':
Community Enterprise Operating System 7.
I: oscap: Definition 'oval:org.open-scap.cpe.rhel:def:1007' evaluated as true.
I: oscap: Adding external variable oval:ssg-var_password_pam_retry:var:1.
I: oscap: Evaluating definition 'oval:ssg-accounts_password_pam_retry:def:1':
Set Password retry Requirements.
I: oscap: Criteria are extended by definition
'oval:ssg-installed_OS_is_rhel6:def:1'.
I: oscap: Evaluating definition 'oval:ssg-installed_OS_is_rhel6:def:1': Red
Hat Enterprise Linux 6.
I: oscap: Definition 'oval:ssg-installed_OS_is_rhel6:def:1' evaluated as
false.
I: oscap: Evaluating textfilecontent54 test
'oval:ssg-test_password_pam_cracklib_retry:tst:1': check the configuration of
/etc/pam.d/system-auth.
I: oscap: Querying textfilecontent54 object
'oval:ssg-obj_password_pam_cracklib_retry:obj:1', flags: 0.
I: oscap: Creating new syschar for textfilecontent54_object
'oval:ssg-obj_password_pam_cracklib_retry:obj:1'.
I: probe_textfilecontent54: Opening file '/etc/pam.d/system-auth'.
I: oscap: State 'oval:ssg-state_password_pam_retry:ste:1' references
external_variable 'oval:ssg-var_password_pam_retry:var:1'.
I: oscap: Test 'oval:ssg-test_password_pam_cracklib_retry:tst:1' requires
that at least one object defined by
'oval:ssg-obj_password_pam_cracklib_retry:obj:1' exists on the system.
I: oscap: 0 objects defined by
'oval:ssg-obj_password_pam_cracklib_retry:obj:1' exist on the system.
I: oscap: No item matching object
'oval:ssg-obj_password_pam_cracklib_retry:obj:1' was found on the system.
(flag=does not exist)
I: oscap: Test 'oval:ssg-test_password_pam_cracklib_retry:tst:1' evaluated as
false.
I: oscap: Criteria are extended by definition
'oval:ssg-installed_OS_is_rhel7:def:1'.
I: oscap: Evaluating definition 'oval:ssg-installed_OS_is_rhel7:def:1': Red
Hat Enterprise Linux 7.
I: oscap: Definition 'oval:ssg-installed_OS_is_rhel7:def:1' evaluated as
false.
I: oscap: Evaluating textfilecontent54 test
'oval:ssg-test_password_pam_pwquality_retry:tst:1': check the configuration of
/etc/pam.d/system-auth.
I: oscap: Querying textfilecontent54 object
'oval:ssg-obj_password_pam_pwquality_retry:obj:1', flags: 0.
I: oscap: Creating new syschar for textfilecontent54_object
'oval:ssg-obj_password_pam_pwquality_retry:obj:1'.
I: probe_textfilecontent54: Opening file '/etc/pam.d/system-auth'.
I: oscap: State 'oval:ssg-state_password_pam_retry:ste:1' references
external_variable 'oval:ssg-var_password_pam_retry:var:1'.
I: oscap: Test 'oval:ssg-test_password_pam_pwquality_retry:tst:1' requires
that at least one object defined by
'oval:ssg-obj_password_pam_pwquality_retry:obj:1' exists on the system.
I: oscap: 1 objects defined by
'oval:ssg-obj_password_pam_pwquality_retry:obj:1' exist on the system.
I: oscap: All items matching object
'oval:ssg-obj_password_pam_pwquality_retry:obj:1' were collected.
(flag=complete)
I: oscap: In test 'oval:ssg-test_password_pam_pwquality_retry:tst:1' all of
the collected items must satisfy these states:
'oval:ssg-state_password_pam_retry:ste:1'.
I: oscap: Entity 'subexpression'='3' of item '106534257' matches
corresponding entity in state 'oval:ssg-state_password_pam_retry:ste:1'.
I: oscap: Item '106534257' compared to state
'oval:ssg-state_password_pam_retry:ste:1' with result true.
I: oscap: Test 'oval:ssg-test_password_pam_pwquality_retry:tst:1' evaluated
as true.
I: oscap: Criteria are extended by definition
'oval:ssg-installed_OS_is_fedora:def:1'.
I: oscap: Evaluating definition 'oval:ssg-installed_OS_is_fedora:def:1':
Installed operating system is Fedora.
I: oscap: Definition 'oval:ssg-installed_OS_is_fedora:def:1' evaluated as
false.
I: oscap: Evaluating textfilecontent54 test
'oval:ssg-test_password_pam_pwquality_retry:tst:1': check the configuration of
/etc/pam.d/system-auth.
I: oscap: Test 'oval:ssg-test_password_pam_pwquality_retry:tst:1' evaluated
as true.
I: oscap: Definition 'oval:ssg-accounts_password_pam_retry:def:1' evaluated as
false.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
