Just a placeholder to remind us when we get time :)

We are having an issue running the latest RHEL7 Benchmark out of our Satellite Server 6.10 (which uses OpenScap) Specifically, Satellite 6.10 now requires a Benchmark with the "xmlns:ds" namespace key in it, which the current SCAP 1.2 Benchmark doesn't have. It appears OpenSCAP made this change upstream a while ago, (OpenSCAP:master from xprazak2:validate-formats
on Aug 7, 2019) but only starting in 6.10's suite did it start enforcing it and giving an "import error" without it. RedHat help desk said...

"Datastream contains a "data-stream-collection" namespace and contains a key named "xmlns:ds" then it's a valid file otherwise it would be invalid."

Is there a conversion or workaround (possibly a SCAP 1.2 -> 1.3 converter) so the current RHEL7 Benchmark would be compatible with Satellite Server 6.10 which we are required to use starting this month? Without it, our ability to scan several hundred Linux workstations managed under Satellite will be significantly impaired.

r/ Marc

| Case Information |

https://urldefense.us/v3/__https://access.redhat.com/support/cases/*/case/03149735__;Iw!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-szfwFdFw$
Case Title : Error importing latest DISA Benchmark.xml files to run SCAP / Foreman scan
Case Number : 03149735
Case Open Date : 2022-02-14 16:19:27
Severity : 3 (Normal)
Problem Type : Defect / Bug
Product : Red Hat Satellite
Version : 6.10

Most recent comment: On 2022-02-17 08:20:57, Das, Satyajit commented:
"Hello Team,

I have an update from the internal team,

The reason the import is failing as the validation parameters are changed and this is due to the upstream PR https://urldefense.us/v3/__https://github.com/OpenSCAP/openscap_parser/pull/5__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-v74C0awg$ .

As I read from this PR, we validate the Datastream file based on the namespace and keys. If your Datastream contains a "data-stream-collection" namespace and contains a key named "xmlns:ds" then it's a valid file otherwise it would be invalid.

The file that you uploaded here doesn't contain this, so it throws the error "Invalid SCAP file type".

grep xmlns:ds /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml

<ds:data-stream-collection xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" xmlns:cpe-dict="http://cpe.mitre.org/dictionary/2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:html="http://www.w3.org/1999/xhtml" xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:ocil="http://scap.nist.gov/schema/ocil/2.0" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_org.open-scap_collection_from_xccdf_ssg-rhel8-xccdf-1.2.xml" schematron-version="1.3">

This is the Datastream we ship for RHEL7 and you can see in the above we have a key named "xmlns:ds" available.

Still checking with the Engineering team for a workaround, you can also check with external vendor and ask if it is possible to regenerate the DS file with the new standard.

Regards,
Satyajit Das
Red Hat Global Support

Red Hat Satellite 6.10 was released on 16th November 2021 and Red Hat Satellite 6.7 has reached EOL on 30th November 2021, plan the upgrade soon if not done yet.
For more details related to Red Hat Satellite Product Life Cycle, refer to Red Hat Satellite Product Life Cycle

• Start proactively identifying and remediating risks across your Red Hat infrastructure with Red Hat Insights red.ht/Insights_start
• Simple Content Access (SCA) is a new entitlement experience that simplifies subscription management in Red Hat Satellite. Learn more about SCA here (https://urldefense.us/v3/__https://access.redhat.com/articles/simple-content-access__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-ulv7eqiQ$ )
  -------"

https://urldefense.us/v3/__https://access.redhat.com/support/cases/*/case/03149735?commentId=a0a2K00000eOkIqQAK__;Iw!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-tfqeFBCg$

A comment has been added to the case.

To ensure the best support experience possible, please note the following:

• Replying to this email should result in your comments being added to the case. However, we suggest adding comments to the case directly via the Customer Portal in case the email fails.
• When replying to this email, do not change the subject.
• Check to make sure you are replying to case emails from the email address that is listed as the case contact.
• Attachments cannot be added to a case via email. Attachments must be uploaded to a case directly.

Supporting success. Exceeding expectations.

Red Hat Support on Social Media: https://urldefense.us/v3/__https://access.redhat.com/social/__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-tu1ljs0g$
Red Hat Customer Portal Discussions: https://urldefense.us/v3/__https://access.redhat.com/discussions/__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-t2oQjy3g$
Red Hat Access Labs: https://urldefense.us/v3/__https://access.redhat.com/labs/__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-uNNbvrjQ$

If you need immediate assistance, please refer to https://urldefense.us/v3/__https://access.redhat.com/support/contact/technicalSupport/__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-s5BesdGw$

ref:_00DA0HxWH._5002K11fnPr:ref"

https://urldefense.us/v3/__https://access.redhat.com/support/cases/*/case/03149735?commentId=a0a2K00000eYeP2QAK__;Iw!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKqkkWXWWRQ$

A comment has been added to the case.

To ensure the best support experience possible, please note the following:

• Replying to this email should result in your comments being added to the case. However, we suggest adding comments to the case directly via the Customer Portal in case the email fails.
• When replying to this email, do not change the subject.
• Check to make sure you are replying to case emails from the email address that is listed as the case contact.
• Attachments cannot be added to a case via email. Attachments must be uploaded to a case directly.

Supporting success. Exceeding expectations.

Red Hat Support on Social Media: https://urldefense.us/v3/__https://access.redhat.com/social/__;!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKqkYKWEbsw$
Red Hat Customer Portal Discussions: https://urldefense.us/v3/__https://access.redhat.com/discussions/__;!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKqlOqN5abw$
Red Hat Access Labs: https://urldefense.us/v3/__https://access.redhat.com/labs/__;!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKql5xJpKjA$

If you need immediate assistance, please refer to https://urldefense.us/v3/__https://access.redhat.com/support/contact/technicalSupport/__;!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKqnaKmzgWg$

ref:_00DA0HxWH._5002K11fnPr:ref

Foreman and the insights group uses this gem. I'd be fine to put it in either org.

Hello guys,

Congratulation to the new gem! I noticed that functionality currently in the repo can be replicated by exiting openscap gem.

There must be some reasons why to start new project. So, I was curious if you have any write up about design deficiencies of existing solution or bug reports or other kind of data. If you can share any of your findings I would be more than happy to learn from those.

Thanks!