Test failing in build 4001 with no clear explanation

General support questions for the Secutor Prime product.
tegist
Contributor
Posts: 14
Joined: Thu Jul 22, 2010 1:20 pm

Test failing in build 4001 with no clear explanation

Postby tegist » Tue Mar 01, 2011 11:57 am

Secutor Prime Pro builld 4001, installed with "Install embedded JRE only if a siutable one is not installed", vm directory present in the Secutor directory in Program Files (X86), Windows Server 2008 R2, SCAP files from Microsoft's Security Compliance Manager.

I'm getting errors where Secutor 4 complains about insufficient privileges. Secutor 3 passed everything, whether it should have or not.

Here's an example:

SCAP file setting from Microsoft SCM is "No auditing"

Results from Build 4001 (regardless of value of the setting)

oval:microsoft.com:def:519 (compliance)
Audit Policy: Account Logon: Kerberos Service Ticket Operations
Product: Windows



---- Result: error ----

*** BEGIN **************************************************************************

oval:microsoft.com:tst:19 [error] (Audit Policy: Account Logon: Kerberos Service Ticket Operations)

---- ERROR ----
*** END **************************************************************************





oval:microsoft.com:tst:19 -- The Account Logon audit category generates events for credential validation.
AuditEventPolicySubcats: No data. Possible cause: insufficient rights.
--- Result: error

==================================================================================

Results from Build 3032 with setting not configured (which should generate a pass)

oval:microsoft.com:def:519 (compliance)
Audit Policy: Account Logon: Kerberos Service Ticket Operations
Product: Windows



---- Result: pass ----

*** BEGIN **************************************************************************

oval:microsoft.com:tst:19 [true] (Audit Policy: Account Logon: Kerberos Service Ticket Operations)

---- TRUE ----
*** END **************************************************************************





oval:microsoft.com:tst:19 -- The Account Logon audit category generates events for credential validation.
Findings: kerberos_ticket_events is set to AUDIT_NONE (no auditing).
--- Result: true

==================================================================================


Results from Build 3032 with setting set to audit success and failure (Which should generate a fail)

oval:microsoft.com:def:519 (compliance)
Audit Policy: Account Logon: Kerberos Service Ticket Operations
Product: Windows



---- Result: pass ----

*** BEGIN **************************************************************************

oval:microsoft.com:tst:19 [true] (Audit Policy: Account Logon: Kerberos Service Ticket Operations)

---- TRUE ----
*** END **************************************************************************





oval:microsoft.com:tst:19 -- The Account Logon audit category generates events for credential validation.
Findings: kerberos_ticket_events is set to AUDIT_NONE (no auditing).
--- Result: true

==================================================================================

Any suggestions?
Tom

gunnar
Site Admin
Posts: 81
Joined: Fri Feb 23, 2007 8:08 pm
Contact:

Postby gunnar » Tue Mar 01, 2011 3:38 pm

Tom, thanks for pointing this one out. It looks like this is a case where one of the possible result values is not being correctly interpreted, which is most likely a bug on our part. If that's the case we'll do a fix and put out a Prime update to take care of it.


Return to “Secutor Prime Support”

Who is online

Users browsing this forum: No registered users and 2 guests