In the past week I merged Daniel Kopecek’s patches to the master branch and applied new patches to make openscap master build and run on Windows. After a bit of gnulib wrestling I do have a working OpenSCAP and SCAP Workbench executables that can be tested.
The following screenshots were taken on Windows 7 with openscap from master branch (69626aeaf9dbb16b99bb9f3cd43423a3d00df179) and scap-workbench from master branch (d4ac3e4c49abb660e02f436b262315bd2b85679f). Everything was compiled using the mingw32 toolchain on Fedora 21.
Executables for testing
Please keep in mind that this is a preliminary release that is in no way official. It just shows what is possible right now and allows me to outline future plans. You should NOT use this in production!
Download: scap-workbench-win32-prealpha.zip
After extraction, run the scap-workbench.bat script. In the final release the bat script won’t be necessary, it just sets all the paths for now.
How to build (Fedora 21)
$ sudo dnf install mingw32-gcc mingw32-binutils mingw32-libxml2 \ mingw32-libgcrypt mingw32-pthreads mingw32-libxslt \ mingw32-curl mingw32-pcre \ automake autoconf libtool $ cd openscap $ ./autogen.sh # EDIT: Also disable oscap-docker because it needs bz2-devel $ mingw32-configure --disable-probes --disable-python --disable-util-oscap-docker $ make -j 4 $ sudo make install $ sudo dnf install mingw32-qt $ cd scap-workbench $ mkdir build/ $ cd build/ $ mingw32-cmake ../ $ make -j 4 $ sudo make install
What works
- Opening XCCDF files and source datastreams
- Changing profiles
- Opening tailoring, saving tailoring
- Customizing profiles
- Saving all into a directory
- Opening user manual
What doesn’t work
- Local scanning
- Remote scanning
- Saving as RPM
Plans
The high level goal is to enable remote scanning from Windows machines, that is the most immediate plan.
I am not sure about save-as-rpm. It is a great feature but getting all the necessary tools on Windows is a lot of pain.
After that I hope to add MacOS X support.
Also see the mailing list thread about this blog post on open-scap-list.
Go to Part 2