Previous bug tracked the release of this RFE for RHEL 6, this bug tracks the release of this RFE for RHEL 5. This update requires openscap-utils >= 0.9.2 to be available, which is not yet true for RHEL 5. When an updated openscap-utils is available we can release this bug on RHEL 5. +++ This bug was initially created as a clone of Bug #872248 +++ Description of problem: oscap tool takes several command-line arguments, but spacewalk-oscap package whitelists only a few of them (it enables only those, which do not posse security risk for client system scanned by Satellite). New oscap tool brings couple of new features which might be benefitial for Satellite user running scan. Newly added command-line options are: (1) --cpe-dict and --cpe-dict2 These enable scanning with CPE dictionary. This is required growing number of SCAP contents. (To name few: STIG, USGCB, scap-security-guide) (2) --fetch-remote-resources This one enables fetching remote content from network. This is basically reqiured to scan USGCB conten (3) --datastream-id, --xccdf-id These are usefull when assising complex SCAP 1.2 DataStreams documents. These are not immediatelly benefitial as SDS documents with multiple xccdf-s or datastastreams are not yet common. Version-Release number of selected component (if applicable): spacewalk-oscap 0.0.10-1 How reproducible: deterministic Steps to Reproduce: 1. Schedule new OpenSCAP scan for machine. 2. Specify some of the new arguments 3. Actual results: New command-line options are forbiden. OpenSCAP scan proceeds wihout them Expected results: New command-line options are allowed. OpenSCAP scan proceeds with them. --- Additional comment from Šimon Lukašík on 2012-11-01 12:16:55 EDT --- spacewalk.git 365a4b0135985795e16fee0122a3ed87e9afbbf1 --- Additional comment from Šimon Lukašík on 2012-12-11 15:47:10 EST --- spacewalk.git 1a3f72077e3ec5bbaa786a4b9755e8f1be53357c
Is there a (public) update to this? Currently neither Satellite or RHEL5 have the ability to perform security scans mandated by the U.S. Government, many customers are interested in the roadmap to get this fixed. Thanks!
This bug was fixed with updated packages being released within the RHN Tools channels. RHN Tools (for Sat 5.6 GA) Errata text: https://rhn.redhat.com/errata/RHEA-2013-1391.html