NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
CTRL-M Characters Prevent Running of the S-cat.sh file for an Offline Assessment
Cannot Import SCAP Templates after Installing the SCAP Module
Risk Score Might be Applied Inappropriately to Windows Server 2003 Endpoints
XCCDF Conversion Utility Displays Errors during Successful Conversion
Exported XCCDF File Might Report an Inaccurate Number of Windows XP and Vista Endpoints
Password Field for the Report Loader Might Not Display Asterisks for All Characters Entered
Issue: When you attempt to run the s-cat.sh file for an offline assessment on a UNIX server, the script might fail to run and the terminal displays the following error:
bash: ./s-cat.sh: /bin/sh^M: bad interpreter: No such file or directory
The script fails because the file contains CTRL-M (^M) characters. This issue might occur after you extract the offline assessment file from the SCAP package. (Bug 1073504, 1073947)
Workaround: To remove the ^M characters from the file, run the following command:
Dos2unix s-cat.sh s-cat.sh
Issue: After the installation, importing SCAP templates to Secure Configuration Manager console fails. (Bug 937972)
Workaround: Restart NetIQ Core Services.
Secure Configuration Manager might inappropriately apply a risk score to Windows Server 2003 endpoints for security checks that do not apply to the endpoints or when the policy template report lists the endpoint as “unknown”. This issue occurs when you run an SCAP policy template containing checks that apply to multiple endpoint types against multiple endpoints, including a Windows Server 2003 endpoint. (Bug 953300)
Workaround: There is no workaround at this time.
Issue: The XCCDF Conversion utility incorrectly reports errors while converting XCCDF benchmark files to templates. The following messages are examples of the incorrect errors:
cpe USGCB-ie8-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component
cpe USGCB-Windows-7-firewall-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component
cpe irm-10.8.10-cpe-dictionary.xml Invalid Error on line 105 of document http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd: src-resolve: Cannot resolve the name 'xml:lang' to a(n) 'attribute declaration' component
(Bug 953314)
Workaround: Ignore these errors. Even though the messages report errors, the utility successfully creates the policy templates. You can import the templates and run them against endpoints displaying valid data.
Issue: If a managed group contains a combination of Windows XP and Windows Vista endpoints, exported SCAP results inaccurately report the number of endpoints per operating system type. This issue occurs because, when generating the XCCDF file, Secure Configuration Manager applies the type of the first reported endpoint to all endpoints in the group, such as Windows Vista. For example, the South Texas managed group contains three Windows XP endpoints and two Vista ones. You run an assessment against the South Texas group, export the results as XCCDF, and then run the FDCC Reporting Utility to generate a compliance report. The final report lists five Windows Vista endpoints and zero Windows XP systems. (Bug 953345)
Workaround: Create managed groups for each operating system type. You can nest managed groups within higher-level groups. For example, My Groups > South Texas > XP Laptops and My Groups > South Texas > Vista Laptops. Then run separate jobs against the lower-level groups, such as one job for the XP Laptops.
Issue: When you specify credentials for the Report Loader, Secure Configuration Manager displays asterisks for no more than 20 characters entered in the Password field. However, regardless of the asterisks displayed in the field, Secure Configuration Manager supports passwords up to 40 characters. (Bug 953348)
Workaround: There is no workaround at this time.
Issue: Creating FDCC compliance reports fails because you cannot export policy template reports to XCCDF format. (Bug 891524)
Workaround: There is no workaround at this time.