872248 – RFE: spacewalk-oscap shall enable new features of OpenSCAP.

Bug 872248 - RFE: spacewalk-oscap shall enable new features of OpenSCAP.

Summary: RFE: spacewalk-oscap shall enable new features of OpenSCAP.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	Client
Sub Component:
Version:	550
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Michael Mráka
QA Contact:	Lukas Pramuk
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	889010 (view as bug list)
Depends On:	829349 871120 1007428
Blocks:	819027 922209
TreeView+	depends on / blocked

Reported:	2012-11-01 16:06 UTC by Šimon Lukašík
Modified:	2018-12-01 17:35 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Clones:	922209 (view as bug list)
Environment:
Last Closed:	2013-03-25 06:29:15 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2013:0676	0	normal	SHIPPED_LIVE	Red Hat Network Tools spacewalk-oscap enhancement update	2013-03-25 10:28:49 UTC

Description Šimon Lukašík 2012-11-01 16:06:42 UTC

Description of problem:
oscap tool takes several command-line arguments, but spacewalk-oscap
package whitelists only a few of them (it enables only those, which do
not posse security risk for client system scanned by Satellite). New
oscap tool brings couple of new features which might be benefitial for
Satellite user running scan.

Newly added command-line options are:
(1) --cpe-dict and --cpe-dict2 
These enable scanning with CPE dictionary. This is required growing
number of SCAP contents. (To name few: STIG, USGCB, scap-security-guide)
(2) --fetch-remote-resources
This one enables fetching remote content from network. This
is basically reqiured to scan USGCB conten
(3) --datastream-id, --xccdf-id
These are usefull when assising complex SCAP 1.2 DataStreams documents.
These are not immediatelly benefitial as SDS documents with multiple
xccdf-s or datastastreams are not yet common.

Version-Release number of selected component (if applicable):
spacewalk-oscap 0.0.10-1

How reproducible:
deterministic

Steps to Reproduce:
1. Schedule new OpenSCAP scan for machine.
2. Specify some of the new arguments
3.
  
Actual results:
New command-line options are forbiden. OpenSCAP scan proceeds wihout them

Expected results:
New command-line options are allowed. OpenSCAP scan proceeds with them.

Comment 2 Šimon Lukašík 2012-11-01 16:16:55 UTC

spacewalk.git 365a4b0135985795e16fee0122a3ed87e9afbbf1

Comment 4 Šimon Lukašík 2012-12-11 20:47:10 UTC

spacewalk.git 1a3f72077e3ec5bbaa786a4b9755e8f1be53357c

Comment 7 Šimon Lukašík 2013-01-31 16:12:53 UTC

*** Bug 889010 has been marked as a duplicate of this bug. ***

Comment 15 Stephen Herr 2013-03-15 18:00:13 UTC

Bug 922209 has been created as a clone of this RFE to track the release of updated packages for RHEL 5. This bug will track the release of updated packages for RHEL 6.

This update requires openscap-utils >= 0.9.2, which is currently available in RHEL 6 but not RHEL 5.

Comment 20 errata-xmlrpc 2013-03-25 06:29:15 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-0676.html

Note You need to log in before you can comment on or make changes to this bug.