View Issue Details

IDProjectCategoryView StatusLast Update
0016717CentOS-8openscappublic2019-11-11 11:05
Reporterthaygiaoth 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version8.0.1905 
Target VersionFixed in Version 
Summary0016717: Add support CentOS 8 in CPE oval and dict
DescriptionHi everybody

Currently, there is no CentOS 8 platform in CPE when using

# oscap -V
OpenSCAP command line tool (oscap) 1.3.0
...
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
--> there is no CentOS 8!
...

CPE name of CentOS 8 is cpe:/o:centos:centos:8

# cat /etc/os-release
...
CPE_NAME="cpe:/o:centos:centos:8"
...

So we need to adding CentOS 8 platform so that oscap can detect it!
Steps To ReproduceIt's very easy!

1. /usr/share/openscap/cpe/openscap-cpe-dict.xml

Adding lines from 48 to 51

      <cpe-item name="cpe:/o:centos:centos:8">
            <title xml:lang="en-us">Community Enterprise Operating System 8</title>
            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.rhel:def:1008</check>
      </cpe-item>

2. /usr/share/openscap/cpe/openscap-cpe-oval.xml

Adding lines from 161 to 173

        </definition>
        <definition class="inventory" id="oval:org.open-scap.cpe.rhel:def:1008" version="1">
                  <metadata>
                        <title>Community Enterprise Operating System 8</title>
                        <affected family="unix">
                              <platform>Community Enterprise Operating System 8</platform>
                        </affected>
                        <reference ref_id="cpe:/o:centos:centos:8" source="CPE"/>
                        <description>The operating system installed on the system is Community Enterprise Operating System 8</description>
                  </metadata>
                  <criteria>
                        <criterion comment="Community Enterprise Operating System 8 is installed" test_ref="oval:org.open-scap.cpe.rhel:tst:1008"/>
                  </criteria>

Adding lines from 787 to 791

        </rpmverifyfile_test>
            <rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:1008" version="1" check="at least one" comment="centos-release is version 8"
                  xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                  <object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/>
                  <state state_ref="oval:org.open-scap.cpe.rhel:ste:1008"/>

Adding lines from 1117 to 1120

        </rpmverifyfile_state>
        <rpmverifyfile_state id="oval:org.open-scap.cpe.rhel:ste:1008" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
                  <name operation="pattern match">^centos-release</name>
                  <version operation="pattern match">^8</version>
Additional InformationI uploaded them to my github repo
We can see additional lines at this link
https://github.com/thaygiaoth/el_lab/commit/e44eaba7875c8be737a96b7cb8a86b49b98ad5a9

I tested OK for my simple xccdf check and remediate on CentOS 8 platform

Tks
TagsNo tags attached.

Activities

thaygiaoth

thaygiaoth

2019-11-11 11:05

reporter  

openscap-cpe-dict.xml (17,367 bytes)
openscap-cpe-oval.xml (90,925 bytes)

Issue History

Date Modified Username Field Change
2019-11-11 11:05 thaygiaoth New Issue
2019-11-11 11:05 thaygiaoth File Added: openscap-cpe-dict.xml
2019-11-11 11:05 thaygiaoth File Added: openscap-cpe-oval.xml