Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2081777

Summary: [RFE] Support the --local-files oscap argument
Product: Red Hat Satellite Reporter: Marek Hulan <mhulan>
Component: SCAP PluginAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED ERRATA QA Contact: addubey
Severity: medium Docs Contact: Zuzana Lena Ansorgova <zuansorg>
Priority: medium    
Version: 6.10.0CC: addubey, ahumbe, chrobert, cldavey, gtalreja, kborup, lstejska, mhulan, osousa, pbadguja, pcreech, sadas, satellite6-bugs, zuansorg
Target Milestone: 6.14.0Keywords: FutureFeature, Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-foreman_scap_client-0.5.1 Doc Type: Bug Fix
Doc Text:
.Local files are enabled in the SCAP client for newer systems Previously, on hosts running later minor releases of RHEL 8 and RHEL 9, the SCAP client ignored local SCAP resources. With this release, the SCAP client is configured also for the above-mentioned systems to look for local SCAP resources in the home directory of root (`/root`).
 Story Points: ---
Clone Of:
: 2211952 2227867 (view as bug list) Environment:
Last Closed: 2023-11-08 14:17:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
hotfix rpm
none
hotfix doc rpm none

Description Marek Hulan 2022-05-04 15:25:40 UTC 
Description of problem:

The new version of oscap 1.3.6, probably released around 8.6/9.0 will stop look at current working directory for the local cache of oval files. Instead it will provide explicit --local-files argument, that we'll have to start using to preserve the functionality. This has impact on the customers who use the solution from https://bugzilla.redhat.com/show_bug.cgi?id=1957288

Expected results:

Today we rely on the files being present in /root, the foreman_scap_client could just add such definition on the oscap >= 1.3.6. The directory may be configurable, but that would require also changes to ansible role and the puppet module to modify the config file. I think that is not mandatory for this RFE.

Additional info:

This should be a follow up of https://bugzilla.redhat.com/show_bug.cgi?id=1957288
Comment 1 Satyajit Das 2022-07-07 08:53:09 UTC 
Hello Team,

Any workaround available for now, using which we can pass the parameter( --local-files) in the config file (/etc/foreman_scap_client/config.yaml ), so that during the scan it should refer to the file and perform the checks and upload the report to the satellite.

Regards,
Comment 2 Marek Hulan 2022-08-24 18:35:53 UTC 
There is no easy workaround, the only way to make this work now is to manually patch the foreman_scap_client code on every client. This is the line, that needs to be modified

https://github.com/theforeman/foreman_scap_client/blob/master/lib/foreman_scap_client/client.rb#L39
Comment 11 Marek Hulan 2023-05-09 15:13:28 UTC 
The new version of foreman_scap_client 0.5.1 was released in the upstream and includes the fix.
Comment 13 Chris Roberts 2023-06-01 14:11:20 UTC 
Created attachment 1968314 [details]
hotfix rpm
Comment 14 Chris Roberts 2023-06-01 14:11:52 UTC 
Created attachment 1968315 [details]
hotfix doc rpm
Comment 15 Chris Roberts 2023-06-01 14:13:09 UTC 
Hotfix instructions:

1. Download the RPM's from the BZ to a folder on the satellite and cd to that directory
2. # yum localinstall *
3. # foreman-maintain service restart
Comment 16 Marek Hulan 2023-06-02 10:05:09 UTC 
This package is typically installed on scanned hosts, not Satellite itself. People need to distribute this to their hosts.
Comment 17 Leos Stejskal 2023-06-12 11:37:54 UTC 
Hi Patrick,
can we release a new snap of the client repo so QAs can test the change?
Comment 22 errata-xmlrpc 2023-11-08 14:17:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Satellite 6.14 security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:6818