| Summary: | openscap starts producing warning and error messages which are not useful to user | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Marek Haicman <mhaicman> | ||||
| Component: | openscap | Assignee: | Martin Preisler <mpreisle> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Marek Haicman <mhaicman> | ||||
| Severity: | high | Docs Contact: | Mirek Jahoda <mjahoda> | ||||
| Priority: | medium | ||||||
| Version: | 7.4 | CC: | hkhot, matmille, mhaicman, mpreisle, openscap-maint | ||||
| Target Milestone: | rc | Keywords: | Regression | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
*OpenSCAP* now produces only useful messages and warnings
Previously, default scan output settings have been changed, and debug messages were also printed to standard output. As a consequence, the *OpenSCAP* output was full of errors and warnings. The output was hard to read and the *SCAP Workbench* was unable to handle those messages, too. With this update, the change of default output setting has been reverted, and *OpenSCAP* now produces useful output.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-08-01 08:45:48 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
If you redirect stderr it will clean up the output, correct? oscap xccdf eval --progress ...... 2>/dev/null Regardless, I think we should revert this in RHEL 7.4 and give ourselves more time to recategorize some of the messages. *** Bug 1447446 has been marked as a duplicate of this bug. *** Verified fix (revert) in version openscap-1.2.14-2.el7.x86_64
OLD (openscap-1.2.14-1.el7.x86_64):
:: [ PASS ] :: Command 'oscap xccdf eval --benchmark-id xccdf_org.ssgproject.content_benchmark_RHEL-7 --oval-results --report xccdf_org.ssgproject.content_profile_cjis-rhel7-server.html --progress --profile xccdf_org.ssgproject.content_profile_cjis-rhel7-server /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml' (Expected 0,2, got 2)
:: [ PASS ] :: File '/var/tmp/rlRun_LOG.fqP5DwP0' should contain '^xccdf_org.ssgproject.content'
:: [ PASS ] :: File '/var/tmp/rlRun_LOG.fqP5DwP0' should not contain ':error$'
:: [ PASS ] :: File '/var/tmp/rlRun_LOG.fqP5DwP0' should not contain ':unknown$'
W: probe_rpminfo: Failed to extract the Key ID value: regex="Key ID [a-fA-F0-9]{16}", string="(none)"
W: oscap: Referenced variable has no values (oval:ssg-variable_aide_build_new_database_absolute_path:var:1).
W: oscap: Referenced variable has no values (oval:ssg-variable_aide_operational_database_absolute_path:var:1)
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
W: oscap: rbt_str_add: non-zero return code
:: [ FAIL ] :: File 'unexpected' should not contain '.'
:: [ 13:19:57 ] :: [ INFO ] :: Sending /tmp/tmp.eXOa1ALIDB/xccdf_org.ssgproject.content_profile_cjis-rhel7-server.html as tmp-tmp.eXOa1ALIDB-xccdf_org.ssgproject.content_profile_cjis-rhel7-server.html
:: [ 13:19:57 ] :: File '/tmp/tmp.wV36EO8MG5/tmp-tmp.eXOa1ALIDB-xccdf_org.ssgproject.content_profile_cjis-rhel7-server.html' stored here: /var/tmp/BEAKERLIB_6524003_STORED_tmp-tmp.eXOa1ALIDB-xccdf_org.ssgproject.content_profile_cjis-rhel7-server.html
:: [ FAIL ] :: using profile 'xccdf_org.ssgproject.content_profile_cjis-rhel7-server'
NEW:
:: [ PASS ] :: Command 'oscap xccdf eval --benchmark-id xccdf_org.ssgproject.content_benchmark_RHEL-7 --oval-results --report xccdf_org.ssgproject.content_profile_cjis-rhel7-server.html --progress --profile xccdf_org.ssgproject.content_profile_cjis-rhel7-server /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml' (Expected 0,2, got 2)
:: [ PASS ] :: File '/var/tmp/rlRun_LOG.LwSV56MW' should contain '^xccdf_org.ssgproject.content'
:: [ PASS ] :: File '/var/tmp/rlRun_LOG.LwSV56MW' should not contain ':error$'
:: [ PASS ] :: File '/var/tmp/rlRun_LOG.LwSV56MW' should not contain ':unknown$'
:: [ PASS ] :: File 'unexpected' should not contain '.'
:: [ PASS ] :: using profile 'xccdf_org.ssgproject.content_profile_cjis-rhel7-server'
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2291 |
Created attachment 1275678 [details] example full of such errors Description of problem: When performing scanning with --progress flag, errors and warnings are printed in such way it breaks the output. Version-Release number of selected component (if applicable): openscap-1.2.14-1.el7.x86_64 How reproducible: reliably Steps to Reproduce: 1. scan machine with some more complex profile 2. 3. Actual results: xccdf_org.ssgproject.content_rule_aide_build_database:W: oscap: Referenced variable has no values (oval:ssg-variable_aide_build_new_database_absolute_path:var:1). W: oscap: Referenced variable has no values (oval:ssg-variable_aide_operational_database_absolute_path:var:1) fail xccdf_org.ssgproject.content_rule_mount_option_noexec_removable_partitions:W: oscap: Skipping external variable oval:ssg-var_removable_partition:var:1. pass xccdf_org.ssgproject.content_rule_selinux_confinement_of_daemons:E: probe_selinuxsecuritycontext: Can't get context for /proc/2/exe: No such file or directory E: probe_selinuxsecuritycontext: Can't get context for /proc/3/exe: No such file or directory ... E: probe_selinuxsecuritycontext: Can't get context for /proc/9142/exe: No such file or directory pass Expected results: If warnings and errors needs to be printed, put it after the first line containing a result Additional info: