You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/manual/manual.adoc
+44Lines changed: 44 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -445,6 +445,50 @@ Ident CCE-3967-7
445
445
Result pass
446
446
----
447
447
448
+
The meaning of results is defined by https://csrc.nist.gov/CSRC/media/Publications/nistir/7275/rev-4/final/documents/nistir-7275r4_updated-march-2012_clean.pdf[XCCDF Specification].
449
+
This table lists the possible results of a single rule:
450
+
451
+
.XCCDF results
452
+
|===
453
+
|Result |Description |Example Situation
454
+
455
+
|pass
456
+
|The target system or system component satisfied all the conditions of the rule.
457
+
|
458
+
459
+
|fail
460
+
|The target system or system component did not satisfy all the conditions of the rule.
461
+
|
462
+
463
+
|error
464
+
|The checking engine could not complete the evaluation, therefore the status of the target’s compliance with the rule is not certain.
465
+
|OpenSCAP was run with insufficient privileges and could not gather all of the necessary information.
466
+
467
+
|unknown
468
+
|The testing tool encountered some problem and the result is unknown.
469
+
|OpenSCAP was unable to interpret the output of the checking engine (the output has no meaning to OpenSCAP).
470
+
471
+
|notapplicable
472
+
|The rule was not applicable to the target of the test.
473
+
|The rule might have been specific to a different version of the target OS, or it might have been a test against a platform feature that was not installed.
474
+
475
+
|notchecked
476
+
|The rule was not evaluated by the checking engine. This status is designed for rules that have no <xccdf:check> elements or that correspond to an unsupported checking system. It may also correspond to a status returned by a checking engine if the checking engine does not support the indicated check code.
477
+
|The rule does not reference any OVAL check.
478
+
479
+
|notselected
480
+
|The rule was not selected in the benchmark. OpenSCAP does not display rules that were not selected.
481
+
|The rule exists in the benchmark, but is not a part of selected profile.
482
+
483
+
|informational
484
+
|The rule was checked, but the output from the checking engine is simply information for auditors or administrators; it is not a compliance category. This status value is designed for rules whose main purpose is to extract information from the target rather than test the target.
485
+
|
486
+
487
+
|fixed
488
+
|The rule had failed, but was then fixed by automated remediation.
489
+
|
490
+
|===
491
+
448
492
The CPE dictionary is used to determine whether the content is
449
493
applicable on the target platform or not. Any content that is not
450
494
applicable will result in each relevant XCCDF rule being evaluated to
0 commit comments