Hi William, it seems that you are using the option to fetch remote resources when performing a scan. This feature requires access to a remote server which hosts this extra file (which usually is used to check CVE's [1]). One way to workaround this would be hosting this file by yourself and change the datastream [2] to point to your localhost file (python3 enable you to do that in a simple way. python3 -m http.server), but keep in mind that updating this file would be under your control.
If you have further questions, please let me know. [1] https://github.com/ComplianceAsCode/content/blob/master/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml#L60 [2] /usr/share/xml/scap/ssg/ssg-<product>-ds.xml or /usr/share/xml/scap/ssg/ssg-<product>-xccdf.xml On Mon, May 6, 2019 at 10:47 PM Boucher, William <william.bouc...@mza.com> wrote: > Hi folks, > > > > I’m using SCAP Workbench with Open SCAP to remediate CentOS 7.5 (actually > RedHawk 7.5) systems to evaluate and apply the DISA STIG controls. > > > > My problem isn’t in getting this to work, I’m networked to the system I am > applying controls to and remediation and report generation works fine. > > > > However, when SCAP Workbench begins a scan it downloads the latest rules > from the internet and uses the downloaded material to perform, the > scan/remediation. > > > > This is fine for trying things out, but ultimately what I need this for is > to harden systems that may not ever touch or be connected to the internet. > > > > How can I configure SCAP Workbench to use files I download elsewhere and > installed manually on the system running SCAP Workbench. > > > > All of these wonderful tools are useless to me unless I can do this > without internet. The customer demands this. > > > > Help. > > > > Thanks, > > > > --Bill > > > > William B. Boucher, BSEE > > Embedded Systems Software Engineer > Information Systems Security Manager > > MZA Associates Corporation > > 4900 Lang Ave. NE, Suite 100 > > Albuquerque, NM 87109-9708 > > Phone: 505.245.9970 x166 > > Fax: 505.245.9971 > > Cell: 505.459.7620 > > *william.bouc...@mza.com <william.bouc...@mza.com>* > > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list -- Gabriel Gaspar Becker Software Engineer Red Hat <https://www.redhat.com> <https://red.ht/sig>
_______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
