View Issue Details

ID: 0017996
Project: CentOS-8
Category: openscap
View Status: public
Last Update: 2021-01-08 10:52
Reporter: Hborrel
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
Product Version: 8.3.2011
Target Version:
Fixed in Version:
Summary: 0017996: Since upgrade to 8.3.2011 oscap scanner returns notapplicable for all tests.

Description:
All tests fail with "Result notapplicable"


x@y ~> sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL8.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml' file which is referenced from datastream
WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml file which is referenced from XCCDF content
Title Install the pcsc-lite package
Rule xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed
Result notapplicable

Title Install the opensc Package For Multifactor Authentication
Rule xccdf_org.ssgproject.content_rule_package_opensc_installed
Result notapplicable

Title Enable the pcscd Service
Rule xccdf_org.ssgproject.content_rule_service_pcscd_enabled
Result notapplicable

Steps To Reproduce:
# oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml

Additional Information:
Worked on 8.2.2004

borrelli@iserverp1 ~> cat /etc/centos-release
CentOS Linux release 8.2.2004 (Core)
borrelli@iserverp1 ~> sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml
WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL8.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml'. Use '--fetch-remote-resources' option to download it.
WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml' file which is referenced from datastream
WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml file which is referenced from XCCDF content
Title Install the pcsc-lite package
Rule xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed
Result fail

Title Install the opensc Package For Multifactor Authentication
Rule xccdf_org.ssgproject.content_rule_package_opensc_installed
Result fail

Title Enable the pcscd Service
Rule xccdf_org.ssgproject.content_rule_service_pcscd_enabled
Result fail

Title Configure opensc Smart Card Drivers
Rule xccdf_org.ssgproject.content_rule_configure_opensc_card_drivers
Result fail

Tags: No tags attached.

Activities

antaln

2021-01-08 10:52

reporter   ~0038164

I noticed that the centos-release package was renamed to centos-linux-release in CentOS 8.3.2011. This caused some of my oscap OVAL evals to issue all false positives.
I determined that oval and xccdf use rpm name of centos-release to determine if the applicable OS is running.
I had to modify the oval files to account for the package name change.

To maintainers, any idea why the centos-release package was renamed?
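
The note above traces the notapplicable results to an applicability check keyed on the RPM name centos-release. The following is an added example, not code from this issue or from OpenSCAP/SSG: it lists the release-package names that OVAL rpminfo_object entries reference literally and reports which ones no installed package satisfies. The sample XML, object ids, function names and package sets are constructed for illustration.

```python
import xml.etree.ElementTree as ET

LINUX_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"

# Constructed sample, not taken from ssg-centos8-ds.xml: one object for the
# OS release package and one for an ordinary package rule.
SAMPLE_OVAL = """\
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux">
  <objects>
    <linux:rpminfo_object id="oval:example:obj:1" version="1">
      <linux:name>centos-release</linux:name>
    </linux:rpminfo_object>
    <linux:rpminfo_object id="oval:example:obj:2" version="1">
      <linux:name>pcsc-lite</linux:name>
    </linux:rpminfo_object>
  </objects>
</oval_definitions>
"""


def release_objects(xml_text):
    """Return [(object id, package name)] for rpminfo_objects that name a
    '*-release' package literally (pattern-match names are skipped)."""
    found = []
    for obj in ET.fromstring(xml_text).iter(f"{{{LINUX_NS}}}rpminfo_object"):
        name = obj.find(f"{{{LINUX_NS}}}name")
        if name is None or name.get("operation", "equals") != "equals":
            continue
        pkg = (name.text or "").strip()
        if pkg.endswith("-release"):
            found.append((obj.get("id"), pkg))
    return found


def unmatched(xml_text, installed):
    """Release-package objects that no installed package name satisfies."""
    return [(oid, pkg) for oid, pkg in release_objects(xml_text)
            if pkg not in installed]


if __name__ == "__main__":
    # Installed package names are constructed stand-ins for `rpm -qa` output.
    for label, pkgs in (("8.2.2004", {"centos-release"}),
                        ("8.3.2011", {"centos-linux-release"})):
        print(label, unmatched(SAMPLE_OVAL, pkgs) or "release object matches")
```

To check real content, pass the text of the datastream file to `release_objects`; embedded OVAL components are found because the search walks the whole tree.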

Issue History

Date Modified | Username | Field | Change
2021-01-06 17:39 | Hborrel | New Issue |
2021-01-08 10:52 | antaln | Note Added: 0038164 |