0017996: Since upgrade to 8.3.2011 oscap scanner returns notapplicable for all test. - CentOS Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0017996	CentOS-8	openscap	public	2021-01-06 17:39	2021-01-08 10:52

Reporter	Hborrel
Priority	normal	Severity	major	Reproducibility	always
Status	new	Resolution	open
Product Version	8.3.2011
Target Version		Fixed in Version

Summary	0017996: Since upgrade to 8.3.2011 oscap scanner returns notapplicable for all test.
Description	All test fail with "Result notapplicable" x@y ~> sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL8.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml'. Use '--fetch-remote-resources' option to download it. WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml' file which is referenced from datastream WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml file which is referenced from XCCDF content Title Install the pcsc-lite package Rule xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed Result notapplicable Title Install the opensc Package For Multifactor Authentication Rule xccdf_org.ssgproject.content_rule_package_opensc_installed Result notapplicable Title Enable the pcscd Service Rule xccdf_org.ssgproject.content_rule_service_pcscd_enabled Result notapplicable
Steps To Reproduce	# oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml
Additional Information	Worked on 8.2.2004 borrelli@iserverp1 ~> cat /etc/centos-release CentOS Linux release 8.2.2004 (Core) borrelli@iserverp1 ~> sudo oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_pci-dss /usr/share/xml/scap/ssg-centos8-ds-iserver/ssg-centos8-ds.xml WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL8.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml'. Use '--fetch-remote-resources' option to download it. WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml' file which is referenced from datastream WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml file which is referenced from XCCDF content Title Install the pcsc-lite package Rule xccdf_org.ssgproject.content_rule_package_pcsc-lite_installed Result fail Title Install the opensc Package For Multifactor Authentication Rule xccdf_org.ssgproject.content_rule_package_opensc_installed Result fail Title Enable the pcscd Service Rule xccdf_org.ssgproject.content_rule_service_pcscd_enabled Result fail Title Configure opensc Smart Card Drivers Rule xccdf_org.ssgproject.content_rule_configure_opensc_card_drivers Result fail
Tags	No tags attached.

antaln 2021-01-08 10:52 reporter ~0038164	I noticed that centos-release package was renamed to centos-linux-release in Centos 8.3.2011. This caused some of my oscap oval evals to issue all false positives. I determined that oval and xccdf use rpm name of centos-release to determine if the applicable OS is running. I had to modify the oval files to account for the package name change. To maintainers, any idea why centos-release package was renamed?

Date Modified	Username	Field	Change
2021-01-06 17:39	Hborrel	New Issue
2021-01-08 10:52	antaln	Note Added: 0038164