You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I load the "stigviewer" xml file that oscap generates, I normally am not met with any errors. As of v3r10, this is fine. Lately, with v3r11 and v3r12, it throws a lot of errors related to "Warning! Extraneous Result Found!" and lists a bunch of SV- numbers with version "NA".
I load the DISA STIG benchmark xml file into STIGViewer 2.7 and then create a new checklist and then import my result file (not the xccdf file but the stigviewer file). Again, this is fine using 0.1.67 SCAP results (v3r10) and 0.1.68 throws these errors:
and if I try to load v3r11 (0.1.68) results into v3r11 benchmark file, it's just a bunch of errors, like dozens.
Also, second topic, I find that "content_rule_passwd_system-auth_substack" is not included in RHEL 7 STIG profile? Is this intentional? It covers V-204405. Eval passes if I manually enable it, but why is this not included? Can we include it?
Hope this is the right place to get this discussion going. I am still learning about how this tech works, so apologies if I sound clumsy.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hello, first time poster.
When I load the "stigviewer" xml file that oscap generates, I normally am not met with any errors. As of v3r10, this is fine. Lately, with v3r11 and v3r12, it throws a lot of errors related to "Warning! Extraneous Result Found!" and lists a bunch of SV- numbers with version "NA".
I load the DISA STIG benchmark xml file into STIGViewer 2.7 and then create a new checklist and then import my result file (not the xccdf file but the stigviewer file). Again, this is fine using 0.1.67 SCAP results (v3r10) and 0.1.68 throws these errors:
ID: SV-256969r902690_rule; Version: N/A
ID: SV-256968r902687_rule; Version: N/A
ID: SV-256970r902696_rule; Version: N/A
and if I try to load v3r11 (0.1.68) results into v3r11 benchmark file, it's just a bunch of errors, like dozens.
Also, second topic, I find that "content_rule_passwd_system-auth_substack" is not included in RHEL 7 STIG profile? Is this intentional? It covers V-204405. Eval passes if I manually enable it, but why is this not included? Can we include it?
Hope this is the right place to get this discussion going. I am still learning about how this tech works, so apologies if I sound clumsy.
Thanks.
Beta Was this translation helpful? Give feedback.
All reactions