openscap / openscap_parser Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Just a placeholder to remind us when we get time :)
Foreman and the insights group uses this gem. I'd be fine to put it in either org.
Hello guys,
Congratulation to the new gem! I noticed that functionality currently in the repo can be replicated by exiting openscap gem.
There must be some reasons why to start new project. So, I was curious if you have any write up about design deficiencies of existing solution or bug reports or other kind of data. If you can share any of your findings I would be more than happy to learn from those.
Thanks!
We are having an issue running the latest RHEL7 Benchmark out of our Satellite Server 6.10 (which uses OpenScap) Specifically, Satellite 6.10 now requires a Benchmark with the "xmlns:ds" namespace key in it, which the current SCAP 1.2 Benchmark doesn't have. It appears OpenSCAP made this change upstream a while ago, (OpenSCAP:master from xprazak2:validate-formats
on Aug 7, 2019) but only starting in 6.10's suite did it start enforcing it and giving an "import error" without it. RedHat help desk said...
"Datastream contains a "data-stream-collection" namespace and contains a key named "xmlns:ds" then it's a valid file otherwise it would be invalid."
Is there a conversion or workaround (possibly a SCAP 1.2 -> 1.3 converter) so the current RHEL7 Benchmark would be compatible with Satellite Server 6.10 which we are required to use starting this month? Without it, our ability to scan several hundred Linux workstations managed under Satellite will be significantly impaired.
r/ Marc
https://urldefense.us/v3/__https://access.redhat.com/support/cases/*/case/03149735__;Iw!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-szfwFdFw$
Case Title : Error importing latest DISA Benchmark.xml files to run SCAP / Foreman scan
Case Number : 03149735
Case Open Date : 2022-02-14 16:19:27
Severity : 3 (Normal)
Problem Type : Defect / Bug
Product : Red Hat Satellite
Version : 6.10
Most recent comment: On 2022-02-17 08:20:57, Das, Satyajit commented:
"Hello Team,
I have an update from the internal team,
The reason the import is failing as the validation parameters are changed and this is due to the upstream PR https://urldefense.us/v3/__https://github.com/OpenSCAP/openscap_parser/pull/5__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-v74C0awg$ .
As I read from this PR, we validate the Datastream file based on the namespace and keys. If your Datastream contains a "data-stream-collection" namespace and contains a key named "xmlns:ds" then it's a valid file otherwise it would be invalid.
The file that you uploaded here doesn't contain this, so it throws the error "Invalid SCAP file type".
<ds:data-stream-collection xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" xmlns:cpe-dict="http://cpe.mitre.org/dictionary/2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:html="http://www.w3.org/1999/xhtml" xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:ocil="http://scap.nist.gov/schema/ocil/2.0" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_org.open-scap_collection_from_xccdf_ssg-rhel8-xccdf-1.2.xml" schematron-version="1.3">
This is the Datastream we ship for RHEL7 and you can see in the above we have a key named "xmlns:ds" available.
Still checking with the Engineering team for a workaround, you can also check with external vendor and ask if it is possible to regenerate the DS file with the new standard.
Red Hat Satellite 6.10 was released on 16th November 2021 and Red Hat Satellite 6.7 has reached EOL on 30th November 2021, plan the upgrade soon if not done yet.
For more details related to Red Hat Satellite Product Life Cycle, refer to Red Hat Satellite Product Life Cycle
A comment has been added to the case.
To ensure the best support experience possible, please note the following:
Supporting success. Exceeding expectations.
Red Hat Support on Social Media: https://urldefense.us/v3/__https://access.redhat.com/social/__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-tu1ljs0g$
Red Hat Customer Portal Discussions: https://urldefense.us/v3/__https://access.redhat.com/discussions/__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-t2oQjy3g$
Red Hat Access Labs: https://urldefense.us/v3/__https://access.redhat.com/labs/__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-uNNbvrjQ$
If you need immediate assistance, please refer to https://urldefense.us/v3/__https://access.redhat.com/support/contact/technicalSupport/__;!!Az_Xe1LHMyBq19w!bSuyS96f-hbWs2i4px03unz7HRhFOEWiZ3nsfdnK6dBf5uo_pG_xCx5_t-s5BesdGw$
ref:_00DA0HxWH._5002K11fnPr:ref"
A comment has been added to the case.
To ensure the best support experience possible, please note the following:
Supporting success. Exceeding expectations.
Red Hat Support on Social Media: https://urldefense.us/v3/__https://access.redhat.com/social/__;!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKqkYKWEbsw$
Red Hat Customer Portal Discussions: https://urldefense.us/v3/__https://access.redhat.com/discussions/__;!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKqlOqN5abw$
Red Hat Access Labs: https://urldefense.us/v3/__https://access.redhat.com/labs/__;!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKql5xJpKjA$
If you need immediate assistance, please refer to https://urldefense.us/v3/__https://access.redhat.com/support/contact/technicalSupport/__;!!Az_Xe1LHMyBq19w!Y6jLkQkOBebz4qC4TUFP8IjQ-4ToyAFWEPPomzI5164vgZu6lG1rtxcpKqnaKmzgWg$
ref:_00DA0HxWH._5002K11fnPr:ref
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.