I agree with the above analysis.
There is something else I have noticed... the openscap community
consists of several components, one of them implements security-guides
(scap content (checklists) to pass to oscap). xenial did not ship any
security-guide component. However, bionic does. Bionic also includes the
above mentioned changes.
In the past year the openscap community has made many improvements to the
security-guides including creating a small checklist specifically for
ubuntu-16.04. Bionic ships the security-guides in several packages,
- ssg-debderived (contains ubuntu-16.04 checklist)
- ssg-nondebian (contains rhel and sles checklists)
- ssg-debian (contains debian checklist)
It is possible ubuntu users will try several things using the ssg-debderived
package
- take the ubuntu-16.04 checklist file and try to run it on a xenial system
However, there are systemd checks in this xccdf. It is possible a bugreport
will be generated.
- try to run the ubuntu-16.04 checklists file on bionic.
This will fail because checklist file first looks to verify is a 16.04
system. A savvy user can modify the xccdf (checklist file) to recognize 18.04.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1782031
Title:
[SRU][xenial] Enable SCE option and systemd probe in libopenscap8
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1782031/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
