0016717: Add support CentOS 8 in CPE oval and dict - CentOS Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0016717	CentOS-8	openscap	public	2019-11-11 11:05	2020-11-09 14:58

Reporter	thaygiaoth	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Product Version	8.0.1905

Summary	0016717: Add support CentOS 8 in CPE oval and dict
Description	Hi everybody Currently, there is no CentOS 8 platform in CPE when using # oscap -V OpenSCAP command line tool (oscap) 1.3.0 ... Community Enterprise Operating System 5 - cpe:/o:centos:centos:5 Community Enterprise Operating System 6 - cpe:/o:centos:centos:6 Community Enterprise Operating System 7 - cpe:/o:centos:centos:7 --> there is no CentOS 8! ... CPE name of CentOS 8 is cpe:/o:centos:centos:8 # cat /etc/os-release ... CPE_NAME="cpe:/o:centos:centos:8" ... So we need to adding CentOS 8 platform so that oscap can detect it!
Steps To Reproduce	It's very easy! 1. /usr/share/openscap/cpe/openscap-cpe-dict.xml Adding lines from 48 to 51 <cpe-item name="cpe:/o:centos:centos:8"> <title xml:lang="en-us">Community Enterprise Operating System 8</title> <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="openscap-cpe-oval.xml">oval:org.open-scap.cpe.rhel:def:1008</check> </cpe-item> 2. /usr/share/openscap/cpe/openscap-cpe-oval.xml Adding lines from 161 to 173 </definition> <definition class="inventory" id="oval:org.open-scap.cpe.rhel:def:1008" version="1"> <metadata> <title>Community Enterprise Operating System 8</title> <affected family="unix"> <platform>Community Enterprise Operating System 8</platform> </affected> <reference ref_id="cpe:/o:centos:centos:8" source="CPE"/> <description>The operating system installed on the system is Community Enterprise Operating System 8</description> </metadata> <criteria> <criterion comment="Community Enterprise Operating System 8 is installed" test_ref="oval:org.open-scap.cpe.rhel:tst:1008"/> </criteria> Adding lines from 787 to 791 </rpmverifyfile_test> <rpmverifyfile_test check_existence="at_least_one_exists" id="oval:org.open-scap.cpe.rhel:tst:1008" version="1" check="at least one" comment="centos-release is version 8" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <object object_ref="oval:org.open-scap.cpe.redhat-release:obj:3"/> <state state_ref="oval:org.open-scap.cpe.rhel:ste:1008"/> Adding lines from 1117 to 1120 </rpmverifyfile_state> <rpmverifyfile_state id="oval:org.open-scap.cpe.rhel:ste:1008" version="1" xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"> <name operation="pattern match">^centos-release</name> <version operation="pattern match">^8</version>
Additional Information	I uploaded them to my github repo We can see additional lines at this link https://github.com/thaygiaoth/el_lab/commit/e44eaba7875c8be737a96b7cb8a86b49b98ad5a9 I tested OK for my simple xccdf check and remediate on CentOS 8 platform Tks
Tags	No tags attached.

thaygiaoth 2019-11-11 11:05 reporter	openscap-cpe-dict.xml (17,367 bytes) openscap-cpe-oval.xml (90,925 bytes)

gm.outside 2020-11-09 14:23 reporter ~0037859	How can I help to make this update happen? It is a really minor fix that should not take much time but would make it possible to run compliance tests out of the box, so I think many people would be grateful if CentOS could use OpenSCAP right away.

gm.outside 2020-11-09 14:58 reporter ~0037860	OK, I think I found a way - I submitted the following PR to OpenSCAP: https://github.com/OpenSCAP/openscap/pull/1622

Date Modified	Username	Field	Change
2019-11-11 11:05	thaygiaoth	New Issue
2019-11-11 11:05	thaygiaoth	File Added: openscap-cpe-dict.xml
2019-11-11 11:05	thaygiaoth	File Added: openscap-cpe-oval.xml
2020-11-09 14:23	gm.outside	Note Added: 0037859
2020-11-09 14:58	gm.outside	Note Added: 0037860