Hi Shawn,
On Sun, Jun 2, 2019 at 8:25 PM Shawn Wells <[email protected]> wrote: > Attempting to use the RHEL 8 data streams, but even 'oscap info' fails > using the latest release [0]: > This is an issue in OpenSCAP. OpenSCAP can't process datastreams that contain a `component-ref` element that references content from internet without providing `--fetch-remote-resources` on the command line. We reference remote content in rule "Security patches are up to date". Using `component-ref` element to reference remote content is required by SCAP 1.3 standard. As a workaround, add `--fetch-remote-resources` to the `oscap` call. This issue has already been fixed in upstream in https://github.com/OpenSCAP/openscap/pull/1324. > > > # oscap info /usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.3.xml > > Document type: Source Data Stream > > Imported: 2019-06-02T11:16:07 > > > > Stream: scap_org.open-scap_datastream_from_xccdf_ssg-rhel8-xccdf-1.2.xml > > Generated: (null) > > Version: 1.3 > > Checklists: > > Ref-Id: scap_org.open-scap_cref_ssg-rhel8-xccdf-1.2.xml > > WARNING: Datastream component > > > 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL8.xml.bz2' > > points out to the remote > > 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2'. > > > Use '--fetch-remote-resources' option to download it. > > WARNING: Skipping > > 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2' > > > file which is referenced from datastream > > OpenSCAP Error: Could not extract > > scap_org.open-scap_cref_ssg-rhel8-xccdf-1.2.xml with all dependencies > > from datastream. [ds_sds_session.c:211] > > > Looking at the ssg-rhel8-ds-1.3 file there are lots of mentions to SCAP > 1.2 instead of 1.3? > If it's related to XCCDF 1.2, then it's correct (surprisingly), because SCAP 1.3 standard contains XCCDF 1.2, not XCCDF 1.3. See https://csrc.nist.gov/Projects/Security-Content-Automation-Protocol/SCAP-Releases/SCAP-1-3 , section "Languages", However, this seems to be wrong: <ns10:Benchmark id="xccdf_org.ssgproject.content_benchmark_RHEL-8" resolved="1" style="SCAP_1.2"> Nice catch! Thanks. > > > [0] > > https://github.com/ComplianceAsCode/content/releases/download/v0.1.44/scap-security-guide-0.1.44-redhat-SCAP-1.3.zip > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > -- Jan Černý Security Technologies | Red Hat, Inc.
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
