Bug 1962624

Summary: [RFE] OVAL / CVE Reporting Support - Tech Preview MVP
Product: Red Hat Satellite Reporter: Marek Hulan <mhulan>
Component: SCAP PluginAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: Jameer Pathan <jpathan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.10.0CC: egolov, mhulan, oprazak
Target Milestone: 6.10.0Keywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-foreman_scap_client-0.5.0, tfm-rubygem-smart_proxy_openscap-0.9.0, tfm-rubygem-foreman_openscap-4.3.2, ansiblerole-foreman_scap_client-0.2.0 Doc Type: Technology Preview
Doc Text:
Package(s) providing the Technology Preview: foreman_opescap Description of the Technology Preview: The foreman_openscap contains the API the upload the OVAL content which can be used to trigger the OVAL oscap scans. The results are parsed for CVEs and sent to Satellite which can then render the report of hosts and their CVEs. There's currently no UI for this functionality.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-11-16 14:11:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marek Hulan 2021-05-20 12:14:24 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Evgeni Golov 2021-06-17 09:17:52 UTC 
foreman_openscap still needs a build
Comment 6 Jameer Pathan 2021-08-11 14:01:58 UTC 
Verified:

Verified with:
- Satellite 6.10.0 snap 12
- tfm-rubygem-openscap-0.4.9-5.el7sat.noarch
- tfm-rubygem-smart_proxy_openscap-0.9.1-1.el7sat.noarch
- rubygem-foreman_scap_client-0.5.0-1.el7sat.noarch

Test steps:
- Create oval content from a file.
- Create oval content from a remote resource.
- Read/update/delete oval content(s).
- Create/read/update/delete oval policy.
- Create hostgroup(s) with openscap capsule and foreman_scap_client ansible role.
- Assign policies to hostgroup(s).
- Assign hostgroup to content hosts.
- Run ansible role to configure openscap.
- Wait for cron job on content host to run OR run "foreman_scap_client oval <policy_id>" command.
- Enable lab feature. 
- Go to Lab features > OVAL Contents
- Go to Lab features > Oval policies > click on policy name > click on CVEs tab.


Observations:
- CRUD operations related to oval content and oval policies using related APIs completed successful.
- Oval report generated and uploaded to satellite.
- Oval content and oval policies are listed on satellite.
- CVEs are listed for affected hosts.
Comment 10 errata-xmlrpc 2021-11-16 14:11:01 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Satellite 6.10 Release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:4702