Jacob Larsen

Reputation: 11

Adjusting Ubuntu SCAP to work with Pop!_OS

I have a machine running Pop!_OS, which is based on Ubuntu. I am currently on Pop!_OS 22.04 LTS and am using a SCAP: SCC 5.8 Ubuntu 22 AMD64 from cyber.mil. I've got OpenSCAP installed and I'm able to open the XML file using the tool and run a scan. However, because the SCAP lists the OS as Ubuntu 20.04 LTS, the SCAP skips each check believing the test to be unapplicable.

The terminal command I use is:

sudo oscap xccdf eval --fetch-remote-resources --oval-results --profile xccdf_mil.disa.stig_profile_MAC-2_Sensitive --report scan.html --results scan_results /home/komodo2013/Downloads/updated_scap.xml

I therefore wrote a Python script to change each of the platform tags from <platform>Ubuntu 20.04 LTS</platform> to <platform>Pop!_OS 22.04 LTS</platform>; however, even this didn't work. I don't see any other obvious checks for which platform the SCAP is running on.

I believe the problem lies in the following section (please note this is an unedited version):

<definitions>
    <definition class="inventory" id="oval:mil.disa.stig.ubuntu2004:def:1" version="1">
        <metadata>
            <title>Ubuntu 20.04 LTS is installed</title>
            <affected family="unix">
                <platform>Ubuntu 20.04 LTS</platform>
            </affected>
            <reference ref_id="cpe:/o:canonical:ubuntu_linux:20.04" source="CPE" />
            <description>Ubuntu 20.04 LTS is installed</description>
        </metadata>
        <criteria>
            <criterion comment="Ubuntu 20.04 is installed" test_ref="oval:mil.disa.stig.ubuntu2004:tst:100" />
        </criteria>
    </definition>
</definitions>
<tests>
    <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="Ubuntu 20.04 is installed" id="oval:mil.disa.stig.ubuntu2004:tst:100" version="1">
        <object object_ref="oval:mil.disa.stig.ubuntu2004:obj:100" />
        <state state_ref="oval:mil.disa.stig.ubuntu2004:ste:100" />
    </textfilecontent54_test>
</tests>

I also caught a line near the beginning of the file: <xccdf:platform idref="cpe:/o:pop_os:pop_os:22.04" />

Unfortunately, I still cannot get the SCAP to run the individual tests. The scan completes and I can view the results in the HTML file it generates; however, all tests are skipped as unapplicable.

My question is: how can I get the scan to run, either by ignoring OS platform checks or by changing the SCAP to work with Pop!_OS?

Upvotes: 1

Views: 93
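An added example, not part of the original post and not DISA's content: a Python helper that follows an OVAL inventory definition's test_ref to the object and state it references, so you can see which file and pattern the platform check actually reads. The definition, test, object and state ids are the ones quoted in the question; the contents of <objects> and <states> in the sample are constructed, and the code assumes the OVAL content sits in one XML document and matches elements by local name.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The def/tst/obj/ste ids are the ones quoted in the post;
# the <objects> and <states> bodies are invented here, not DISA's content.
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
 xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent">
<definitions><definition class="inventory" id="oval:mil.disa.stig.ubuntu2004:def:1" version="1">
 <metadata><affected family="unix"><platform>Ubuntu 20.04 LTS</platform></affected></metadata>
 <criteria><criterion test_ref="oval:mil.disa.stig.ubuntu2004:tst:100"/></criteria>
</definition></definitions>
<tests><ind:textfilecontent54_test check="all" id="oval:mil.disa.stig.ubuntu2004:tst:100" version="1">
 <ind:object object_ref="oval:mil.disa.stig.ubuntu2004:obj:100"/>
 <ind:state state_ref="oval:mil.disa.stig.ubuntu2004:ste:100"/>
</ind:textfilecontent54_test></tests>
<objects><ind:textfilecontent54_object id="oval:mil.disa.stig.ubuntu2004:obj:100" version="1">
 <ind:filepath>/etc/os-release</ind:filepath>
 <ind:pattern operation="pattern match">^VERSION_ID="(.+)"$</ind:pattern>
 <ind:instance datatype="int">1</ind:instance>
</ind:textfilecontent54_object></objects>
<states><ind:textfilecontent54_state id="oval:mil.disa.stig.ubuntu2004:ste:100" version="1">
 <ind:subexpression>20.04</ind:subexpression>
</ind:textfilecontent54_state></states>
</oval_definitions>"""

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix

def trace_inventory(oval_xml):
    """For each class="inventory" definition, resolve test -> object/state."""
    root = ET.fromstring(oval_xml)
    by_id = {e.get("id"): e for e in root.iter() if e.get("id")}
    out = []
    for d in root.iter():
        if local(d) != "definition" or d.get("class") != "inventory":
            continue
        for crit in d.iter():  # only <criterion> elements carry test_ref
            test = by_id.get(crit.get("test_ref"))
            if test is None:
                continue
            hit = {"definition": d.get("id"), "test": test.get("id")}
            for ref in test:  # <object object_ref=...>, <state state_ref=...>
                target = by_id.get(ref.get(local(ref) + "_ref"))
                if target is not None:
                    hit[local(ref)] = {local(c): c.text for c in target}
            out.append(hit)
    return out

if __name__ == "__main__":
    for hit in trace_inventory(SAMPLE):
        print(hit)
```

In OVAL, a definition's result comes from its <criteria>; the <platform> text under <affected> is descriptive metadata.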

Answers (0)
