hi, i’m using openSCAP installed on kali linux which is in turn installed on virtual box …
I installed the sw from cli … I use this command to start a scan of my system:
“oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_ospp --results-arf results.xml --report report.html /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml”
however, the result of all the scanning functions is always this:
“Result notapplicable”.
Can anyone explain to me why please?
The RHEL part of the security guide does very specific checks (like against /etc/os-release) to ensure the scan is actually applicable and can be done accurately.
You would need to build a patched version of the security guide as we do with our own packages. See our patch and the spec file. When you build the custom content, you would then use ssg-rl8-ds.xml or whatever is produced.
ok, but how do i create this patch? do I have to give a command to the terminal? I don’t understand … can you explain it to me please?
I responded to your other thread about this with a link to our article on running SCAP scans for rocky locally. Its possible to run remote scans as well, if thats what you are asking, from any system running the SCAP workbench. You would just need to copy the existing scap content from a rocky 8/9 system to your SCAP workbench host.
ok thank you very much, but I didn’t understand how to solve the error I reported above
This content above, is not compatible with Rocky 8. You need to use ssg-rl8-ds.xml, which you will be able to find on a Rocky 8 linux system in the package: scap-security-guide
so to launch a scan from my terminal I have to use an os rocky linux? Can’t I do it with Kali linux?
@coch you can scan it on Kali, but, you need the ssg-rl8-ds.xml file. So, step-by-step:
dnf install scap-security-guide
Once it’s installed, use scp or rsync to copy /usr/share/xml/scap/ssg/content/ssg-rl8-ds.xml from your Rocky 8 server to your Kali machine.
Run scan on Kali machine using the ssg-rl8-ds.xml file.
And if it doesn’t work, and the ssg-rl8-ds.xml relies on other files, then you should find them also on your Rocky 8 server from the similar path location as the above file.