| Field | Value | Field | Value |
|---|---|---|---|
| Summary | description shown with --list options is insufficient | | |
| Product | Red Hat Enterprise Linux 7 | Reporter | Marek Haicman <mhaicman> |
| Component | openscap-container | Assignee | Martin Preisler <mpreisle> |
| Status | CLOSED CURRENTRELEASE | QA Contact | Matus Marhefka <mmarhefk> |
| Severity | medium | Docs Contact | |
| Priority | medium | | |
| Version | 7.4 | CC | mmarhefk, wsato |
| Target Milestone | rc | Keywords | Extras |
| Target Release | --- | | |
| Hardware | Unspecified | | |
| OS | Unspecified | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | If docs needed, set a value |
| Doc Text | | Story Points | --- |
| Clone Of | | | |
| | 1439315 (view as bug list) | Environment | |
| Last Closed | 2018-10-30 16:47:37 UTC | Type | Bug |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
Items 1 and 2 were fixed upstream: https://github.com/projectatomic/atomic/pull/953

And items 1 and 2 are tracked in Bug 1439315.

So this erratum is just about item 3.

Giving devel_ack+ for item 3; we won't track adding scanner description into atomic in this ticket, that has to be tracked separately.
Description of problem:
When the scanner lists its capabilities, the description of each scanner type should be clear about what is scanned, so the user can check it, for example in scap-workbench, and read the rules. Also, any property that is not obvious but may affect users should be mentioned.

Issues with the current description:

1 - It is not stated that there is CVE OVAL baked into the openscap container image, thus it is inherently outdated.
2 - It is not clear enough that standards_compliance uses the normal "Standard" profile of the latest shipped SCAP Security Guide.
3 - It would be nice to have some general information about the scanner [not scan_type description, but scanner description], where a link to the Red Hat Security Guide would reside.

Version-Release number of selected component (if applicable):
openscap-docker-7.3-4

How reproducible:
reliably

Steps to Reproduce:
1. atomic install rhel7/openscap
2. atomic scan --scanner openscap --list

Actual results:
====
Scanner: openscap
Image Name: rhel7/openscap

Scan type: cve *
Description: Performs a CVE scan based on known CVE data

Scan type: standards_compliance
Description: Performs a standard scan

* denotes defaults
====

Expected results:
====
Scanner: openscap
Description: Scanner using openscap toolset and scap-security-guide rules. For full documentation, see <link to Security guide section>
Image Name: rhel7/openscap

Scan type: cve *
Description: Performs a CVE scan based on Red Hat released CVE OVAL. !Warning! This CVE is built into container image, and it might be out-of-date.

Scan type: standards_compliance
Description: Performs scan with Standard profile, as present in Scap Security Guide shipped in Red Hat Enterprise Linux.

* denotes defaults
====

Additional info:
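Item 1 of the report says the CVE OVAL baked into the image is inherently outdated. A practitioner can measure that rather than trust the description: every OVAL definitions file carries a generator timestamp, and the age of that timestamp is the age of the CVE data the scan will use. The following is an added example written for this page, not code from the atomic project or from the openscap-container image. The bug does not say where the OVAL file lives inside rhel7/openscap, so the function takes the file's XML text as input (copy it out of the image or a mounted copy of it first); the sample document, its timestamp, and the seven-day threshold are constructed for the example.

```python
"""Report how stale an OVAL CVE feed is from its generator timestamp.

Added example for this bug report; not code from atomic or the
openscap-container image. The OVAL file's location inside the image is
not given on the page, so callers pass the XML text, not a path.
"""
import datetime as dt
import xml.etree.ElementTree as ET

# Namespaces used by OVAL 5.x definitions files: the root and <generator>
# live in the definitions namespace, the generator's children in oval-common.
OVAL_DEF_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
OVAL_COMMON_NS = "http://oval.mitre.org/XMLSchema/oval-common-5"

# Constructed sample resembling the header of a Red Hat OVAL feed.
# The timestamp is made up for this example.
SAMPLE_OVAL = """<?xml version="1.0" encoding="UTF-8"?>
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
                  xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5">
  <generator>
    <oval:product_name>Red Hat OVAL Patch Definition Merger</oval:product_name>
    <oval:schema_version>5.10</oval:schema_version>
    <oval:timestamp>2017-03-01T10:00:00</oval:timestamp>
  </generator>
  <definitions/>
</oval_definitions>
"""


def _as_datetime(value):
    """Accept a datetime or an ISO 8601 string; a trailing 'Z' is tolerated.

    OVAL timestamps carry no zone designator, so all values are treated as
    naive UTC and compared as such.
    """
    if isinstance(value, dt.datetime):
        return value
    return dt.datetime.fromisoformat(value.strip().rstrip("Z"))


def oval_timestamp(xml_text):
    """Return the generator timestamp recorded in an OVAL definitions file."""
    root = ET.fromstring(xml_text)
    node = root.find(f"{{{OVAL_DEF_NS}}}generator/{{{OVAL_COMMON_NS}}}timestamp")
    if node is None or not node.text:
        raise ValueError("OVAL file has no generator timestamp")
    return _as_datetime(node.text)


def oval_age_days(xml_text, now):
    """Whole days between the feed's generator timestamp and `now`."""
    return (_as_datetime(now) - oval_timestamp(xml_text)).days


def is_stale(xml_text, now, max_age_days=7):
    """True when the feed is older than the (assumed) acceptable age."""
    return oval_age_days(xml_text, now) > max_age_days


if __name__ == "__main__":
    now = dt.datetime.now(dt.timezone.utc).replace(tzinfo=None)
    age = oval_age_days(SAMPLE_OVAL, now)
    print(f"OVAL feed generated {age} days ago; stale={is_stale(SAMPLE_OVAL, now)}")
```

The threshold is a policy choice; what matters for this bug is that the number is visible to the person running `atomic scan` instead of being hidden behind "Performs a CVE scan based on known CVE data".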