Ubuntu 18.04 , 20.04 or 22.04 is not supporting XCCDF evualtion & CIS Benchmark
kumar6429 opened this issue · comments
- Is this an issue with SCAP Security Guide (i.e., related to the content of scans, not the scanner proper)?
- If so, report it here: https://github.com/OpenSCAP/scap-security-guide/issues
- Is this an issue during the OS installation process?
- If so, report it here: https://github.com/OpenSCAP/oscap-anaconda-addon/issues
Thanks!
Description of Problem: XCCDF Evaluation & CIS Benchmarks are not supported in Ubuntu 18.04 ,20.04 & 22.04 version
OpenSCAP Version: 1.2.16
Operating System & Version: Ubuntu & 18.04 ,20.04 & 22.04
Steps to Reproduce:
- Log into Ubuntu system
- Run the OpenSCAP evaluation command as below.
ssm-user@vmc-tf-OpenSCAP-Ubuntu2004-vmc-on-aws-1:/usr/bin$ oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server /usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
OpenSCAP Error: Unable to open file: '/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml' [../../../src/source/oscap_source.c:284]
-
I don't see XCCDF SSG profile on this system for Ubuntu 18.04 / 20.04 / 22.04
ssm-user@vmc-tf-OpenSCAP-Ubuntu2004-vmc-on-aws-1:/usr/bin$ cd /usr/share/xml/scap/ssg/content
ssm-user@vmc-tf-OpenSCAP-Ubuntu2004-vmc-on-aws-1:/usr/share/xml/scap/ssg/content$ ls -l | grep ubuntu
-rw-r--r-- 1 root root 578 Jul 26 2018 ssg-ubuntu1404-cpe-dictionary.xml
-rw-r--r-- 1 root root 40395 Jul 26 2018 ssg-ubuntu1404-cpe-oval.xml
-rw-r--r-- 1 root root 742456 Jul 26 2018 ssg-ubuntu1404-ds.xml
-rw-r--r-- 1 root root 41971 Jul 26 2018 ssg-ubuntu1404-ocil.xml
-rw-r--r-- 1 root root 397360 Jul 26 2018 ssg-ubuntu1404-oval.xml
-rw-r--r-- 1 root root 230476 Jul 26 2018 ssg-ubuntu1404-xccdf.xml
-rw-r--r-- 1 root root 578 Jul 26 2018 ssg-ubuntu1604-cpe-dictionary.xml
-rw-r--r-- 1 root root 40395 Jul 26 2018 ssg-ubuntu1604-cpe-oval.xml
-rw-r--r-- 1 root root 743081 Jul 26 2018 ssg-ubuntu1604-ds.xml
-rw-r--r-- 1 root root 42001 Jul 26 2018 ssg-ubuntu1604-ocil.xml
-rw-r--r-- 1 root root 397681 Jul 26 2018 ssg-ubuntu1604-oval.xml
-rw-r--r-- 1 root root 230777 Jul 26 2018 ssg-ubuntu1604-xccdf.xml
ssm-user@vmc-tf-OpenSCAP-Ubuntu2004-vmc-on-aws-1:/usr/share/xml/scap/ssg/content$ -
Install both OpenSCAP & SSG by running below commands.
apt-get install libopenscap8
apt install ssg-base ssg-debderived ssg-debian ssg-nondebian ssg-applications -
Even after I am unable to run XCCDF evaluation with CIS Benchmarks for Ubuntu 18.04 / 20.04 / 22.04
Actual Results: OpenSCAP Error: Unable to open file: '/usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml' [../../../src/source/oscap_source.c:284]
Expected Results: It's should run & scan results should be saved in local (arf.xml & report.html)
Additional Information / Debugging Steps:
This is the OpenSCAP upstream repo. The SSG project upstream repo is here: https://github.com/ComplianceAsCode/content.
The CaC (SSG) upstream project has some content for Ubuntu 20.04, but it is up to the Ubuntu maintainers / packages to decide what is being shipped downstream.