In the past week I merged Daniel Kopecek’s patches to the master branch and applied new patches to make openscap master build and run on Windows. After a bit of gnulib wrestling I do have a working OpenSCAP and SCAP Workbench executables that can be tested.
The following screenshots were taken on Windows 7 with openscap from master branch (69626aeaf9dbb16b99bb9f3cd43423a3d00df179) and scap-workbench from master branch (d4ac3e4c49abb660e02f436b262315bd2b85679f). Everything was compiled using the mingw32 toolchain on Fedora 21.
Executables for testing
Please keep in mind that this is a preliminary release that is in no way official. It just shows what is possible right now and allows me to outline future plans. You should NOT use this in production!
Download: scap-workbench-win32-prealpha.zip
After extraction, run the scap-workbench.bat script. In the final release the bat script won’t be necessary, it just sets all the paths for now.
How to build (Fedora 21)
$ sudo dnf install mingw32-gcc mingw32-binutils mingw32-libxml2 \ mingw32-libgcrypt mingw32-pthreads mingw32-libxslt \ mingw32-curl mingw32-pcre \ automake autoconf libtool $ cd openscap $ ./autogen.sh # EDIT: Also disable oscap-docker because it needs bz2-devel $ mingw32-configure --disable-probes --disable-python --disable-util-oscap-docker $ make -j 4 $ sudo make install $ sudo dnf install mingw32-qt $ cd scap-workbench $ mkdir build/ $ cd build/ $ mingw32-cmake ../ $ make -j 4 $ sudo make install
What works
- Opening XCCDF files and source datastreams
- Changing profiles
- Opening tailoring, saving tailoring
- Customizing profiles
- Saving all into a directory
- Opening user manual
What doesn’t work
- Local scanning
- Remote scanning
- Saving as RPM
Plans
The high level goal is to enable remote scanning from Windows machines, that is the most immediate plan.
I am not sure about save-as-rpm. It is a great feature but getting all the necessary tools on Windows is a lot of pain.
After that I hope to add MacOS X support.
Also see the mailing list thread about this blog post on open-scap-list.
Go to Part 2
Hi Martin,
my apologies if this is answered somewhere else. (Google was NOT my friend.) I’ve been trying to use scap-workbench under Windows 7. When I hit “scan”, I get the a popup with the following text:
13:37:02
info
scap-workbench 1.1.0rc1, compiled with Qt 4.8.6, using openscap 1.3.0
13:37:08
info
Opened file ‘C:/scap-workbench/ssg/Windows7/ssg-Windows7-ds.xml’.
13:37:38
info
Querying capabilities…
13:37:38
error
Exception was thrown while evaluating! Details follow: There was a problem with SyncProcess! Starting process ‘oscap –v’ failed. The process is not in a running state.
Thanks for any help you may provide,
Dave
Hi, thanks for your comment.
This is expected behavior, openscap does not support scanning Windows machines yet. At this point workbench can only be used as a tailoring tool on Windows. Local scanning on Windows may be implemented in the future but right now we don’t have plans to do it.
In future releases I will make this more clear by graying out the local scan option. See https://github.com/OpenSCAP/scap-workbench/commit/68412550a441ed04e0d9e5be2eac7458001b43b5
Ahh, got it. Thanks for the info Martin and for your efforts on this tool.
Hey Martin,
Can you say more about “After a bit of gnulib wrestling” ?
I am trying to install oscap on Windows but i have some errors when i try to build, autogen.sh more precisely …
I am using Cygwin and I’ve received this following error:
error: expected source file, required through AC_LIBSOURCES, not found
Can you help me to perform this installation on Windows ?
Thanks for any help you may provide,
Hussein
I used the mingw32 toolchain in Fedora so I actually ran ./autogen.sh using the Fedora toolchain, not cygwin or mingw32. Then I used mingw32-configure.
Is that an option for you? Perhaps you can install a Linux VM, run autogen.sh and then use cygwin for the configure.
If you find a solution to the issue we are definitely interested in merging it but I won’t have time in the near future to look into fixing it myself.
Hey Martin,
In fact, I’ve already installed OpenScap on Kali (Debian) system, and it works very well. The problem is that I need to have openscap installed with Windows environment and I’ve saw that you succeeded to install it with Windows and it works with SCAP Workbench, my Workbench on Windows is ok but i need oscap binary to use SCAP on Windows and it doesn’t works without oscap.
It’s quite weird because I can see a lot of OVAL tests for Windows on Internet but I don’t see anywhere a way to install it on Windows.
Thanks in advance for your help.
Hussein
I have ubuntu server and i would like to scan ubuntu and openstack server over it using OpenSCAP…
Please guide me how this can be achieved….