OpenSCAP Error: Could not open output file 'scan_results.xml': No such file or directory, Could not save file: scan_results.xml

Question

OpenSCAP Error: Could not open output file 'scan_results.xml': No such file or directory, Could not save file: scan_results.xml

acicalla-ampere opened this issue 5 months ago · comments

Description of Problem:

The audit is successfully showing results of pass/fail, but when the audit is completed and it attempts to write the results.xml and report.html files we receive the error below.

OpenSCAP Error: Could not open output file 'scan_results.xml': No such file or directory [/builddir/build/BUILD/openscap-1.3.8/src/common/util.c:514]
Could not save file: scan_results.xml [/builddir/build/BUILD/openscap-1.3.8/src/XCCDF/xccdf_session.c:1456]

OpenSCAP Version:

OpenSCAP command line tool (oscap) 1.3.8
Copyright 2009--2021 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1

Operating System & Version:

Rockly Linux 8.9

Steps to Reproduce:

Edit the rhel8-ds.xml file to include the cpe for Rocky Linux.
validate that the cpe name is built in with oscap --version
==== Inbuilt CPE names ====
Red Hat Enterprise Linux - cpe:/o:redhat:enterprise_linux:-
Red Hat Enterprise Linux 5 - cpe:/o:redhat:enterprise_linux:5
Red Hat Enterprise Linux 6 - cpe:/o:redhat:enterprise_linux:6
Red Hat Enterprise Linux 7 - cpe:/o:redhat:enterprise_linux:7
Red Hat Enterprise Linux 8 - cpe:/o:redhat:enterprise_linux:8
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
Community Enterprise Operating System 8 - cpe:/o:centos:centos:8
Rocky Linux 8 - cpe:/o:rocky:rocky:8
Rocky Linux 9 - cpe:/o:rocky:rocky:9
Fedora 32 - cpe:/o:fedoraproject:fedora:32
Fedora 33 - cpe:/o:fedoraproject:fedora:33
Fedora 34 - cpe:/o:fedoraproject:fedora:34
Fedora 35 - cpe:/o:fedoraproject:fedora:35
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_server_l1 --results scan_results.xml --report scan_report.html ./ssg-rhel8-ds.xml
Then we receive the error instead of the html report or the xml report. We have done this before with CentOS and other Redhat variations without ever having and issue and have been able to harden those operating systems with the tools. This is the first time we have run into an error stating the results can not be saved.

Actual Results:

OpenSCAP Error: Could not open output file 'scan_results.xml': No such file or directory [/builddir/build/BUILD/openscap-1.3.8/src/common/util.c:514]
Could not save file: scan_results.xml [/builddir/build/BUILD/openscap-1.3.8/src/XCCDF/xccdf_session.c:1456]

Expected Results:

A scan_results.xml and a scan_report.html file with the results of the audit should be returned.

Additional Information / Debugging Steps:

we tried to specify the path for the scan_report and scan_results files but that did not change the results.

acicalla-ampere · Answer 1 · Fri Apr 26 2024 03:11:07 GMT+0800 (China Standard Time)

acicalla-ampere commented 5 months ago

acicalla-ampere · Answer 2 · Fri Apr 26 2024 03:11:34 GMT+0800 (China Standard Time)

You can see the cpe information validated and it's assessing the controls.

Evgeny Kolesnikov · Answer 3 · Fri Apr 26 2024 16:01:00 GMT+0800 (China Standard Time)

Do you have rights to write (overwrite) that file at that location?

acicalla-ampere · Answer 4 · Sat Apr 27 2024 05:35:22 GMT+0800 (China Standard Time)

You can close the ticket. The system has home directories mapped and mounted and root did not have permission to write into his home folder. Having him run this under /opt he had no issues.