Hi Robie,

Yes, you are correct.

This SRU enables 2 things. First, it enables systemd probes/schema. The
user would have to have OVAL code that implements this schema/probe for
it to be used. So, several things are likely: 1. users did not implement
code using this schema since it was unavailable. 2. if there was code
using this schema, and it was not commented out, the results probably
came back "unknown" since it was not available.
Enabling this systemd probe/schema, users with #1 scenario will not
notice anything. Users with #2 scenario will now have those particular
checks come back with "pass" or "fail" instead of "unknown".

The 2nd thing it enables is the script-check-engine (SCE), which allows
oscap to include bash or python scripts to assist in scans/checks. The
XCCDF/XML code has to explicitly call a particular script. And the
script would have had to be written for the XCCDF. So several things
are likely: 1. users implemented XCCDF code without using this feature
since it is not available. These users won't see any change when this is
enabled. 2. user's XCCDF code does call particular scripts. As of now,
these checks will always result in a "notchecked" since SCE is not
there. When this feature is enabled, for these users, the check will
then come back as "pass" or "fail" instead of "notchecked".

In all these scenarios, existing checks that do not implement SCE or
systemd schemas will continue as they always have and will not be
impacted.

Hopefully this is all ok?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1782031

Title:
  [SRU][xenial] Enable SCE option and systemd probe in libopenscap8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1782031/+subscriptions
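
As an added illustration, not part of the original message or of OpenSCAP itself: a Python sketch that lists the rule results in an XCCDF results file matching the two scenarios described above, so they can be reviewed before the update. The sample document, rule ids and function names are constructed; an OVAL "unknown" is flagged only as a candidate, since the XCCDF result does not say which probe was unavailable.

```python
import xml.etree.ElementTree as ET

# Check-system URIs as they appear in XCCDF <check system="..."> attributes.
SCE_SYSTEM = "http://open-scap.org/page/SCE"
OVAL_SYSTEM = "http://oval.mitre.org/XMLSchema/oval-definitions-5"

# Constructed sample results; rule ids and file names are hypothetical.
SAMPLE = """<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2" id="constructed">
  <rule-result idref="rule_sshd_config"><result>pass</result>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"/></rule-result>
  <rule-result idref="rule_custom_script"><result>notchecked</result>
    <check system="http://open-scap.org/page/SCE"><check-content-ref href="check.sh"/></check></rule-result>
  <rule-result idref="rule_unit_enabled"><result>unknown</result>
    <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5"/></rule-result>
  <rule-result idref="rule_manual_review"><result>notchecked</result></rule-result>
</TestResult>"""


def local(tag):
    """Drop the XML namespace so XCCDF 1.1 and 1.2 files are both handled."""
    return tag.rsplit("}", 1)[-1]


def results_that_may_change(xml_text):
    """Return (rule id, current result, reason) for rule results that match
    the two scenarios in the message above."""
    findings = []
    for node in ET.fromstring(xml_text).iter():
        if local(node.tag) != "rule-result":
            continue
        result = next((c.text.strip() for c in node
                       if local(c.tag) == "result" and c.text), "")
        systems = {c.get("system") for c in node.iter() if local(c.tag) == "check"}
        if result == "notchecked" and SCE_SYSTEM in systems:
            findings.append((node.get("idref"), result, "SCE script check"))
        elif result == "unknown" and OVAL_SYSTEM in systems:
            # XCCDF alone does not name the missing probe: candidate only.
            findings.append((node.get("idref"), result, "OVAL check, possibly systemd probe"))
    return findings


if __name__ == "__main__":
    for rule, result, reason in results_that_may_change(SAMPLE):
        print(f"{rule}: {result} ({reason})")
```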
