Assertion failure with Debian Bookworm
orontee opened this issue · comments
Description of problem:
For the context, I am new to OpenSCAP
. I successfully ran on a Debian 12 (Bookworm) system an oscap oval eval
using the definitions found at https://www.debian.org/security/oval/ and I am now trying to use the SCAP Security Guide.
Since there's no Debian 12 profiles in the ssg-debian
package, I build and install from sources. But when I then try to run an oscap xccdf eval
using the freshly installed definitions, it stops with the following error:
oscap: ./src/XCCDF_POLICY/xccdf_policy.c:627: xccdf_policy_is_item_selected: Assertion `false' failed.
SCAP Security Guide Version:
I am using the commit 59013f6 from master branch.
Operating System Version:
Debian 12 (Bookworm)
Steps to Reproduce:
- Build using a Python virtual environment
$ python -m venv env
$ source env/bin/activate
(env)$ python -m pip install -r requirements.txt
(env)$ cd build
(env)$ cmake ..
(env)$ make -j10
(env)$ sudo make install
No error, everything looks good.
- Run
oscap xccdf eval
using the freshly installed definitions and the virtual environment still active:
(env) $ oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results-arf arf.xml --report report.html --oval-results /usr/local/share/xml/scap/ssg/content/ssg-debian12-xccdf.xml
...
Title Enable the NTP Daemon
Rule xccdf_org.ssgproject.content_rule_service_ntp_enabled
Result notapplicable
Title Set SSH Client Alive Count Max to zero
Rule xccdf_org.ssgproject.content_rule_sshd_set_keepalive_0
Result notapplicable
oscap: ./src/XCCDF_POLICY/xccdf_policy.c:627: xccdf_policy_is_item_selected: Assertion `false' failed.
Abandon
Actual Results:
oscap: ./src/XCCDF_POLICY/xccdf_policy.c:627: xccdf_policy_is_item_selected: Assertion `false' failed.
Expected Results:
An arf.xml
file and a HTML report.