Has anyone got this to work? I run into the same error no matter what command I use scap2.exe *.XML – whatever returns “Erector::Widgets::Table requires active_support”
Anyone have a suggestion?
Thanks
RJM
Hi. The above message is not an error. You can safely ignore that message.
I must be missing something then, nothing gets created after running the scap2.exe commands?
Can you share the command used? And is there any other log message printed out?
Ok, I figured this out somewhat… This is the command I used:
scap2.exe D:\SCAP\vCenter\esx5\U_ESXi5_vCenter_Server_V1R5_Manual-xccdf.xml --format bes --builddir d:\SCAP\vCenter\esx5
It builds a *.bes file but all the fixlets and analysis show as “placeholders”, so am I still missing something? I was expecting different results, like actual working fixlets??
Thanks
Logs:
The VMware Update Manager must not be configured to manage its own VM or the VM of its vCenter Server.
Privilege re-assignment must be checked after the vCenter Server restarts.
The Web datastore browser must be disabled, unless required for normal day-to-day operations.
The managed object browser must be disabled, at all times, when not required for the purpose of troubleshooting or maintenance of managed objects.
The vCenter Server must be installed using a service account instead of a built-in Windows account.
The connectivity between Update Manager and public patch repositories must be restricted by use of a separate Update Manager Download Server.
The vCenter Server administrative users must have the correct roles assigned.
Access to SSL certificates must be monitored.
Expired certificates must be removed from the vCenter Server.
Log files must be cleaned up after failed installations of the vCenter Server.
Revoked certificates must be removed from the vCenter Server.
The vCenter Administrator role must be secured and assigned to specific users other than a Windows Administrator.
Access to SSL certificates must be restricted.
The system must restrict unauthorized vSphere users from being able to execute commands within the guest virtual machine.
The use of Linux-based clients must be restricted.
Network access to the vCenter Server system must be restricted.
A least-privileges assignment must be used for the vCenter Server database user.
A least-privileges assignment must be used for the Update Manager database user.
The system must set a timeout for all thick-client logins without activity.
vSphere Client plugins must be verified.
The system must always verify SSL certificates.
The vCenter Administrator role must be secured by assignment to specific users authorized as vCenter Administrators.
The Update Manager Download Server must be isolated from direct connection to Internet public patch repositories by a proxy server.
The Update Manager must not directly connect to public patch repositories on the Internet.
The placeholder fixlet is generated when the input check is not implemented in the xccdf/oval files. The benchmark that you used is a manual one that doesn’t contain the machine-readable implementation (in oval format).
Thanks for all the responses but are you saying I wont get any fixlets from this?
Ah, so if resource I want to use doesn’t say OVAL on the NVD site I wont get fixlets?
or “should work in in validated SCAP tool” under the Tier search piece on the NVD site?