View Issue Details

IDProjectCategoryView StatusLast Update
0016717CentOS-8openscappublic2020-11-09 14:58
Reporterthaygiaoth Assigned To 
Status newResolutionopen 
Product Version8.0.1905 
Summary0016717: Add support CentOS 8 in CPE oval and dict
DescriptionHi everybody

Currently, there is no CentOS 8 platform in CPE when using

# oscap -V
OpenSCAP command line tool (oscap) 1.3.0
Community Enterprise Operating System 5 - cpe:/o:centos:centos:5
Community Enterprise Operating System 6 - cpe:/o:centos:centos:6
Community Enterprise Operating System 7 - cpe:/o:centos:centos:7
--> there is no CentOS 8!

CPE name of CentOS 8 is cpe:/o:centos:centos:8

# cat /etc/os-release

So we need to adding CentOS 8 platform so that oscap can detect it!
Steps To ReproduceIt's very easy!

1. /usr/share/openscap/cpe/openscap-cpe-dict.xml

Adding lines from 48 to 51

      <cpe-item name="cpe:/o:centos:centos:8">
            <title xml:lang="en-us">Community Enterprise Operating System 8</title>
            <check system="" href="openscap-cpe-oval.xml"></check>

2. /usr/share/openscap/cpe/openscap-cpe-oval.xml

Adding lines from 161 to 173

        <definition class="inventory" id="" version="1">
                        <title>Community Enterprise Operating System 8</title>
                        <affected family="unix">
                              <platform>Community Enterprise Operating System 8</platform>
                        <reference ref_id="cpe:/o:centos:centos:8" source="CPE"/>
                        <description>The operating system installed on the system is Community Enterprise Operating System 8</description>
                        <criterion comment="Community Enterprise Operating System 8 is installed" test_ref=""/>

Adding lines from 787 to 791

            <rpmverifyfile_test check_existence="at_least_one_exists" id="" version="1" check="at least one" comment="centos-release is version 8"
                  <object object_ref=""/>
                  <state state_ref=""/>

Adding lines from 1117 to 1120

        <rpmverifyfile_state id="" version="1" xmlns="">
                  <name operation="pattern match">^centos-release</name>
                  <version operation="pattern match">^8</version>
Additional InformationI uploaded them to my github repo
We can see additional lines at this link

I tested OK for my simple xccdf check and remediate on CentOS 8 platform

TagsNo tags attached.




2019-11-11 11:05


openscap-cpe-dict.xml (17,367 bytes)
openscap-cpe-oval.xml (90,925 bytes)


2020-11-09 14:23

reporter   ~0037859

How can I help to make this update happen? It is a really minor fix that should not take much time but would make it possible to run compliance tests out of the box, so I think many people would be grateful if CentOS could use OpenSCAP right away.


2020-11-09 14:58

reporter   ~0037860

OK, I think I found a way - I submitted the following PR to OpenSCAP:

Issue History

Date Modified Username Field Change
2019-11-11 11:05 thaygiaoth New Issue
2019-11-11 11:05 thaygiaoth File Added: openscap-cpe-dict.xml
2019-11-11 11:05 thaygiaoth File Added: openscap-cpe-oval.xml
2020-11-09 14:23 gm.outside Note Added: 0037859
2020-11-09 14:58 gm.outside Note Added: 0037860