2223178 – The /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml file contains reference to an URL that no longer exist.

Bug 2223178 - The /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml file contains reference to an URL that no longer exist.

Summary: The /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml file contains reference ...

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	9.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Vojtech Polasek
QA Contact:	Milan Lysonek
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2222984 (view as bug list)
Depends On:
Blocks:	2228469 2228470
TreeView+	depends on / blocked

Reported:	2023-07-16 08:39 UTC by mkenjale
Modified:	2023-08-16 09:14 UTC (History)
CC List:	11 users (show)
Fixed In Version:	scap-security-guide-0.1.69-1.el9
Doc Type:	Bug Fix
Doc Text:	.Red Hat CVE feeds have been moved The version 1 of Red Hat CVE feeds at https://access.redhat.com/security/data/oval/ has been sunset and replaced by the version 2 of the CVE feeds located at https://access.redhat.com/security/data/oval/v2/. Consequently, the links in SCAP source data streams provided by the `scap-security-guide` package have been updated to link the new version of the Red Hat CVE feeds.
Clone Of:
Clones:	2228469 2228470 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-162434	0	None	None	None	2023-07-16 08:40:48 UTC

Description mkenjale 2023-07-16 08:39:47 UTC

Description of problem:
-----------------------
# oscap info --fetch-remote-resources /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
Document type: Source Data Stream
Imported: 2023-07-16T13:38:03

Stream: scap_org.open-scap_datastream_from_xccdf_ssg-rhel9-xccdf.xml
Generated: (null)
Version: 1.3
Checklists:
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-xccdf.xml
Downloading: https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2 ... error
OpenSCAP Error: Download failed: HTTP response code said error: 404 [/builddir/build/BUILD/openscap-1.3.7/src/common/oscap_acquire.c:403]
Could not extract scap_org.open-scap_cref_ssg-rhel9-xccdf.xml with all dependencies from datastream. [/builddir/build/BUILD/openscap-1.3.7/src/DS/ds_sds_session.c:228]

Version-Release number of selected component (if applicable):
-------------------------------------------------------------
# rpm -q scap-security-guide
scap-security-guide-0.1.66-1.el9_1.noarch
# rpm -qf /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
scap-security-guide-0.1.66-1.el9_1.noarch

Steps to Reproduce:
-------------------
# oscap info --fetch-remote-resources /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml 

Actual results:
---------------
# oscap info --fetch-remote-resources /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
Document type: Source Data Stream
Imported: 2023-07-16T13:38:03

Stream: scap_org.open-scap_datastream_from_xccdf_ssg-rhel9-xccdf.xml
Generated: (null)
Version: 1.3
Checklists:
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-xccdf.xml
Downloading: https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2 ... error
OpenSCAP Error: Download failed: HTTP response code said error: 404 [/builddir/build/BUILD/openscap-1.3.7/src/common/oscap_acquire.c:403]
Could not extract scap_org.open-scap_cref_ssg-rhel9-xccdf.xml with all dependencies from datastream. [/builddir/build/BUILD/openscap-1.3.7/src/DS/ds_sds_session.c:228]

Expected results:
------------------
# oscap info --fetch-remote-resources /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
Document type: Source Data Stream
Imported: 2023-07-16T14:04:52

Stream: scap_org.open-scap_datastream_from_xccdf_ssg-rhel9-xccdf.xml
Generated: (null)
Version: 1.3
Checklists:
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-xccdf.xml
Downloading: https://access.redhat.com/security/data/oval/v2/RHEL9/rhel-9.oval.xml.bz2 ... ok
		Status: draft
		Generated: 2023-02-14
		Resolved: true
		Profiles:
			Title: ANSSI-BP-028 (enhanced)
				Id: xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
			Title: ANSSI-BP-028 (high)
				Id: xccdf_org.ssgproject.content_profile_anssi_bp28_high
			Title: ANSSI-BP-028 (intermediary)
				Id: xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
			Title: ANSSI-BP-028 (minimal)
				Id: xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
			Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server
				Id: xccdf_org.ssgproject.content_profile_cis
			Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server
				Id: xccdf_org.ssgproject.content_profile_cis_server_l1
			Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Workstation
				Id: xccdf_org.ssgproject.content_profile_cis_workstation_l1
			Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Workstation
				Id: xccdf_org.ssgproject.content_profile_cis_workstation_l2
			Title: [DRAFT] Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
				Id: xccdf_org.ssgproject.content_profile_cui
			Title: Australian Cyber Security Centre (ACSC) Essential Eight
				Id: xccdf_org.ssgproject.content_profile_e8
			Title: Health Insurance Portability and Accountability Act (HIPAA)
				Id: xccdf_org.ssgproject.content_profile_hipaa
			Title: Australian Cyber Security Centre (ACSC) ISM Official
				Id: xccdf_org.ssgproject.content_profile_ism_o
			Title: Protection Profile for General Purpose Operating Systems
				Id: xccdf_org.ssgproject.content_profile_ospp
			Title: PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 9
				Id: xccdf_org.ssgproject.content_profile_pci-dss
			Title: [DRAFT] DISA STIG for Red Hat Enterprise Linux 9
				Id: xccdf_org.ssgproject.content_profile_stig
			Title: [DRAFT] DISA STIG with GUI for Red Hat Enterprise Linux 9
				Id: xccdf_org.ssgproject.content_profile_stig_gui
		Referenced check files:
			ssg-rhel9-oval.xml
				system: http://oval.mitre.org/XMLSchema/oval-definitions-5
			ssg-rhel9-ocil.xml
				system: http://scap.nist.gov/schema/ocil/2
			security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2
				system: http://oval.mitre.org/XMLSchema/oval-definitions-5
Checks:
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-oval.xml
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-ocil.xml
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-cpe-oval.xml
	Ref-Id: scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2
Dictionaries:
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-cpe-dictionary.xml

Additional info:
---------------
Manually modifying the /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml file resolves the issue.

# cp /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml.backup

# vim /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml

# grep -n com.redhat.rhsa-RHEL9.xml.bz2 /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
16:          <cat:uri name="security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2" uri="#scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2"/>
24:      <ds:component-ref id="scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2" xlink:href="https://access.redhat.com/security/data/oval/v2/RHEL9/rhel-9.oval.xml.bz2"/>
21590:                <xccdf-1.2:check-content-ref href="security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2"/>

#  oscap info --fetch-remote-resources /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
Document type: Source Data Stream
Imported: 2023-07-16T14:04:52

Stream: scap_org.open-scap_datastream_from_xccdf_ssg-rhel9-xccdf.xml
Generated: (null)
Version: 1.3
Checklists:
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-xccdf.xml
Downloading: https://access.redhat.com/security/data/oval/v2/RHEL9/rhel-9.oval.xml.bz2 ... ok
		Status: draft
		Generated: 2023-02-14
		Resolved: true
		Profiles:
			Title: ANSSI-BP-028 (enhanced)
				Id: xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
			Title: ANSSI-BP-028 (high)
				Id: xccdf_org.ssgproject.content_profile_anssi_bp28_high
			Title: ANSSI-BP-028 (intermediary)
				Id: xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
			Title: ANSSI-BP-028 (minimal)
				Id: xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
			Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server
				Id: xccdf_org.ssgproject.content_profile_cis
			Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server
				Id: xccdf_org.ssgproject.content_profile_cis_server_l1
			Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Workstation
				Id: xccdf_org.ssgproject.content_profile_cis_workstation_l1
			Title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Workstation
				Id: xccdf_org.ssgproject.content_profile_cis_workstation_l2
			Title: [DRAFT] Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)
				Id: xccdf_org.ssgproject.content_profile_cui
			Title: Australian Cyber Security Centre (ACSC) Essential Eight
				Id: xccdf_org.ssgproject.content_profile_e8
			Title: Health Insurance Portability and Accountability Act (HIPAA)
				Id: xccdf_org.ssgproject.content_profile_hipaa
			Title: Australian Cyber Security Centre (ACSC) ISM Official
				Id: xccdf_org.ssgproject.content_profile_ism_o
			Title: Protection Profile for General Purpose Operating Systems
				Id: xccdf_org.ssgproject.content_profile_ospp
			Title: PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 9
				Id: xccdf_org.ssgproject.content_profile_pci-dss
			Title: [DRAFT] DISA STIG for Red Hat Enterprise Linux 9
				Id: xccdf_org.ssgproject.content_profile_stig
			Title: [DRAFT] DISA STIG with GUI for Red Hat Enterprise Linux 9
				Id: xccdf_org.ssgproject.content_profile_stig_gui
		Referenced check files:
			ssg-rhel9-oval.xml
				system: http://oval.mitre.org/XMLSchema/oval-definitions-5
			ssg-rhel9-ocil.xml
				system: http://scap.nist.gov/schema/ocil/2
			security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2
				system: http://oval.mitre.org/XMLSchema/oval-definitions-5
Checks:
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-oval.xml
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-ocil.xml
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-cpe-oval.xml
	Ref-Id: scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL9.xml.bz2
Dictionaries:
	Ref-Id: scap_org.open-scap_cref_ssg-rhel9-cpe-dictionary.xml

Comment 1 Jan Černý 2023-07-19 08:16:21 UTC

A fix has been merged upstream by https://github.com/ComplianceAsCode/content/pull/10842.

Switching this BZ to a correct component.

Comment 2 Jan Černý 2023-07-24 09:22:42 UTC

*** Bug 2222984 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.