Skip to Content
Information
Space banner This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Unsupported check systems handling

BMC Client Management SCAP implementation supports the Open Vulnerability and Assessment Language (OVAL) check system. As a consequence, the engine can process XCCDF checks referencing OVAL definitions and will not process those for which the checking system is all but OVAL. When processing an XCCDF rule, the engine will verify each associated check and reject entries that either cannot be resolved or that have an unsupported check system. Then, rules for which all the entries are rejected cannot be checked and are managed accordingly. The SCAP job log file provides a first indication in this case. Below is a log extract for rules associated to the unsupported Open Checklist Interactive Language (OCIL):



...
2014/06/24 16:46:24 ScapLib I   [10552] Processing Rule.NotChecked (xccdf_gov.nist_rule_user_setting_OCIL-Enable_screen_saver)
2014/06/24 16:46:24 ScapLib I   [10552] Processing Rule.NotChecked (xccdf_gov.nist_rule_user_setting_OCIL-Password_protect_the_screen_saver)
2014/06/24 16:46:24 ScapLib I   [10552] Processing Rule.NotChecked (xccdf_gov.nist_rule_user_setting_OCIL-Screen_Saver_timeout)
2014/06/24 16:46:24 ScapLib I   [10552] Processing Rule.NotChecked (xccdf_gov.nist_rule_user_setting_OCIL-Turn_off_Help_Ratings)
2014/06/24 16:46:24 ScapLib I   [10552] Processing Rule.NotChecked (xccdf_gov.nist_rule_user_setting_OCIL-Do_not_preserve_zone_information_in_file_attachments)
2014/06/24 16:46:24 ScapLib I   [10552] Processing Rule.NotChecked (xccdf_gov.nist_rule_user_setting_OCIL-Hide_mechanisms_to_remove_zone_information)
2014/06/24 16:46:24 ScapLib I   [10552] Processing Rule.NotChecked (xccdf_gov.nist_rule_user_setting_OCIL-Notify_antivirus_programs_when_opening_attachments)
2014/06/24 16:46:24 ScapLib I   [10552] Processing Rule.NotChecked (xccdf_gov.nist_rule_user_setting_OCIL-Prevent_users_from_sharing_files_within_their_profile)
...

Product output makes it possible to determine which rules have not been processed. The SCAP Job Results view applied to targets may include such rules with status 'Not Checked':

result.png

result2.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Client Management 12.8