5 Replies Latest reply on Jun 29, 2012 2:44 PM by Steven Scarborough

    S-CAP Content for AIX, Linux and Solaris

    Steven Scarborough

      Does BladeLogic support Benchmark S-CAP content for Aix, Linux and Solaris? We are running v.8.2 SP1 and have had little success getting the various flavors of UNIX/Linux S-CAP content to import correctly. All versions give the error "Error(s) encountered while parsing the OVAL file. Please check Application Server Logs for details".  Here is an example of the AIX S-CAP content we are trying to import:

       

      From:

      http://iase.disa.mil/stigs/index.html

       

      The file name is: AIX 6.1 STIG Benchmark, Version 1, Release 0.6

       

      The extracted file contains the following files:

      U_AIX_6.1-V1R0.6_STIG_Benchmark-oval.xml

      U_AIX_6.1-V1R0.6_STIG_Benchmark-xccdf.xml

      U_AIX_6.1-V1R0.6_STIG_Benchmark-cpe-dictionary.xml

      U_AIX_6.1-V1R0.6_STIG_Benchmark-cpe-oval.xml

       

      All of these files are in the same directory.

       

      The option is given to continue with the import by choosing "Yes" and the import completes.

       

      Here is an extract of the appserver.log showing the errors:

       

      26:32,292] [Client-Connections-Thread-2] [WARN] [BLAdmin:BLAdmins:10.200.113.12] [Client] cvc-complex-type.2.2: Element 'user_id' must have no element [children], and the value must be valid.

      [05 Jun 2012 12:26:32,292] [Client-Connections-Thread-2] [WARN] [BLAdmin:BLAdmins:10.200.113.12] [Client] cvc-complex-type.3.1: Value 'string' of attribute 'datatype' of element 'group_id' is not valid with respect to the corresponding attribute use. Attribute 'datatype' has a fixed value of 'int'.

      [05 Jun 2012 12:26:32,292] [Client-Connections-Thread-2] [WARN] [BLAdmin:BLAdmins:10.200.113.12] [Client] cvc-datatype-valid.1.2.3: '^(0|2|3|8)$' is not a valid value of union type 'null'.

      [05 Jun 2012 12:26:32,292] [Client-Connections-Thread-2] [WARN] [BLAdmin:BLAdmins:10.200.113.12] [Client] cvc-complex-type.2.2: Element 'group_id' must have no element [children], and the value must be valid.

      [05 Jun 2012 12:26:32,292] [Client-Connections-Thread-2] [WARN] [BLAdmin:BLAdmins:10.200.113.12] [Client] cvc-complex-type.3.1: Value 'string' of attribute 'datatype' of element 'user_id' is not valid with respect to the corresponding attribute use. Attribute 'datatype' has a fixed value of 'int'.

      [05 Jun 2012 12:26:32,292] [Client-Connections-Thread-2] [WARN] [BLAdmin:BLAdmins:10.200.113.12] [Client] cvc-complex-type.3.1: Value 'string' of attribute 'datatype' of element 'user_id' is not valid with respect to the corresponding attribute use. Attribute 'datatype' has a fixed value of 'int'.

       

      [05 Jun 2012 12:26:32,449] [Client-Connections-Thread-2] [INFO] [BLAdmin:BLAdmins:10.200.113.12] [Client] Benchmark AIX_6.1_STIG and its content files may have parsing issues

       

      ====================================

       

      When I run the S-CAP compliance job it fails with the message that the OS is not AIX 6.1, however it is (in the property database and the output of uname). It also says the agent must be 8.2 but the 8.2 SP1 agent is installed.

       

      Any advise would be appreciated.

        • 1. S-CAP Content for AIX, Linux and Solaris
          Siddharth Burle

          BMC Bladelogic supports Benchmark for Windows, Linux and Solaris.

          Whenever you import a benchmark (SCAP Content), bladelogic internally does the validation based on the associated xsd.

          Due to this you are getting errors. This means the content is not correct.

          Take any error and confirm if the content is proper by validating it against the xsd present.

          Ideally there should be no parsing error.

          ==============================================================================

          For example :- cvc-complex-type.3.1: Value 'string' of attribute 'datatype' of element 'user_id' is not valid with respect to the corresponding attribute use. Attribute 'datatype' has a fixed value of 'int'.

           

          means the content you have is pointing user_id datatype to be string and as per xsd it should be int.

          ==============================================================================

           

          Now regarding the last error that OS is not AIX 6.1 and agent must be 8.2 but the 8.2 SP1 agent is installed --

           

          Can you please confirm by clicking on the Server and check its extended properties for agent specific information. You may optionally run Update Server Properties and try rerunning.

          1 of 1 people found this helpful
          • 2. S-CAP Content for AIX, Linux and Solaris
            Siddharth Burle

            Just forget to mention OVAL- xsd 5.10 is bundled with the agent.

            • 3. S-CAP Content for AIX, Linux and Solaris
              Steven Scarborough

              Thanks for your response. The server property for the agent does show the correct agent version.

               

              We have had no problems with Windows S-CAP content in BL. So far we haven't found any UNIX/Linux SCAP benchmark sources that will install without errors. Has anyone had success importing non-Windows SCAP content?

              • 4. Re: S-CAP Content for AIX, Linux and Solaris
                Bill Robinson

                If it validates as scap compliant then it should work.

                 

                As far as the agent version issue, is the RSCD_VERSION property value showing as 8.2 SP1 ?

                 

                Otherwise I would open a ticket.

                • 5. S-CAP Content for AIX, Linux and Solaris
                  Steven Scarborough

                  Thanks for you response Bill. Since this posting we have been informed by BMC this is an issue with SP1. The fix for this error will be address in 8.2.SP2.