UBUNTU2204: Oscap log dows not show Rule Ident

[Ppfrassino-stefanini]

Hi,
using ComplanceAsCode last version 0.1.75 , I've run oscap tests on a UBUNTU system.
The command I run is:
/usr/bin/oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_cis_level1_server --results ${RESFILE} --report ${REPORTFILE} ${GENFILE} >> ${LOGFILE} 2>&1
where $GENFILE is /usr/local/sbin/DSFILES/PIERPAssg-ubuntu2204-ds.xml ( only a copy for the 0.1.75 released xml file )

The log generated, ${LOGFILE}, contains lines as

Title Audit Configuration Files Must Be Owned By Root
Rule xccdf_org.ssgproject.content_rule_file_ownership_audit_configuration
Result notapplicable

It seems that the line

Ident CCE-XXXXX-X

Is not present.
If I run the same command for a RHEL platform, using rhel released oscap and ssg-security guide rpms, the lines appear like:

Title Use Only Strong Key Exchange algorithms
Rule xccdf_org.ssgproject.content_rule_sshd_use_strong_kex
Ident CCE-86518-8
Result fail

There is something missing in the command or it is an unexpected behaviour? Cpuld you help me in fixing this issue please?

Thanks a lot in advance for any suggestion
Pierpa

[Mab879]

That is expected behavior since Ubuntu doesn't define the CCE identifiers for their rules so you will not get the CCE-XXXXX-X identifiers in the output.

It is worth noting that only SUSE and Red Hat add CCEs to their rules.

[Ppfrassino-stefanini]

Hi,
thanks for your quick reply. I've only experiences in SUSE SCAP, therefore this information is really welcome!!

Pierpa