This repository has been archived by the owner on Jan 3, 2023. It is now read-only.

oscapd-evaluate should not report that evaluation was done if it wasn't done #97

Open
jan-cerny opened this issue May 2, 2017 · 5 comments

@jan-cerny
Member

I think that the following output is horribly confusing, because in this case neither a CVE scan nor a Standard compliance scan was performed.

[root@thinkpad ~]# oscapd-evaluate scan --no-cve-scan --no-standard-compliance --output output/
INFO:OpenSCAP Daemon one-off evaluator 0.1.7
INFO:Successfully imported 'docker' and 'Atomic.mount', container scanning enabled.
INFO:Evaluated EvaluationSpec, exit_code=0.
INFO:[100.00%] Scanned target 'localhost'

The only thing that has been done was that applicable CPEs were determined, but I would not say that the "target was scanned". I see determining CPEs as a special use case that has to be done before a scan.

I know that technically it's a scan, because it uses oscap xccdf eval under the hood, but the user doesn't have to know that.

@jan-cerny
Member Author

It's even more confusing for me when I run
oscapd-evaluate scan --no-cve-scan --output output
and it says immediately:

INFO:OpenSCAP Daemon one-off evaluator 0.1.7
INFO:Successfully imported 'docker' and 'Atomic.mount', container scanning enabled.
INFO:Evaluated EvaluationSpec, exit_code=0.

and then nothing happens for tens of seconds and my CPU cooler starts to spin.
It gives me the impression that it's stalled and I should kill it.
But actually it's evaluating the "Verify and Correct File Permissions with RPM" rule, which takes some time.

If I'm patient enough, I'll get

[root@thinkpad ~]# oscapd-evaluate scan --no-cve-scan  --output output/
INFO:OpenSCAP Daemon one-off evaluator 0.1.7
INFO:Successfully imported 'docker' and 'Atomic.mount', container scanning enabled.
INFO:Evaluated EvaluationSpec, exit_code=0.
WARNING:Evaluated EvaluationSpec, exit_code=2.
INFO:[100.00%] Scanned target 'localhost'

I think that's not a good user experience.

@jan-cerny
Member Author

@mpreisler I'm interested in your opinion on this. I suggest handling CPE determination in a special way so that it is not reported as a scan.

Also, I think that we could show the progress while evaluating; that would be beneficial, especially for profiles with many rules. Waiting for tens of seconds without any output isn't user-friendly.

@jan-cerny
Member Author

Any suggestions?

@jan-cerny
Member Author

@OpenSCAP/daemon-developers ???

jan-cerny added this to the 0.1.8 milestone Aug 3, 2017

@mpreisler
Member

> @mpreisler I'm interested in your opinion on this. I suggest handling CPE determination in a special way so that it is not reported as a scan.
>
> Also, I think that we could show the progress while evaluating; that would be beneficial, especially for profiles with many rules. Waiting for tens of seconds without any output isn't user-friendly.

Yeah, sure.

mpreisler modified the milestones: 0.1.8, 0.1.9 Sep 28, 2017
matejak modified the milestones: 0.1.9, 0.1.10 Jan 16, 2018
matejak modified the milestones: 0.1.10, 0.1.11 Feb 8, 2018