| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0017996 | CentOS-8 | openscap | public | 2021-01-06 17:39 | 2021-01-08 10:52 |
| Reporter | Hborrel | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 8.3.2011 | ||||
| Summary | 0017996: Since upgrade to 8.3.2011 oscap scanner returns notapplicable for all test. | ||||
| Description | All test fail with "Result notapplicable" x@y ~> sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL8.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml'. Use '--fetch-remote-resources' option to download it. WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml' file which is referenced from datastream WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml file which is referenced from XCCDF content Title Install the pcsc-lite package Rule xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed Result notapplicable Title Install the opensc Package For Multifactor Authentication Rule xccdf_org.ssgproject.content_rule_package_opensc_installed Result notapplicable Title Enable the pcscd Service Rule xccdf_org.ssgproject.content_rule_service_pcscd_enabled Result notapplicable | ||||
| Steps To Reproduce | # oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml | ||||
| Additional Information | Worked on 8.2.2004 borrelli@iserverp1 ~> cat /etc/centos-release CentOS Linux release 8.2.2004 (Core) borrelli@iserverp1 ~> sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL8.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml'. Use '--fetch-remote-resources' option to download it. WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml' file which is referenced from datastream WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml file which is referenced from XCCDF content Title Install the pcsc-lite package Rule xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed Result fail Title Install the opensc Package For Multifactor Authentication Rule xccdf_org.ssgproject.content_rule_package_opensc_installed Result fail Title Enable the pcscd Service Rule xccdf_org.ssgproject.content_rule_service_pcscd_enabled Result fail Title Configure opensc Smart Card Drivers Rule xccdf_org.ssgproject.content_rule_configure_opensc_card_drivers Result fail | ||||
| Tags | No tags attached. | ||||
 |
I noticed that centos-release package was renamed to centos-linux-release in Centos 8.3.2011. This caused some of my oscap oval evals to issue all false positives. I determined that oval and xccdf use rpm name of centos-release to determine if the applicable OS is running. I had to modify the oval files to account for the package name change. To maintainers, any idea why centos-release package was renamed? |
