[SRU] OpenSCAP packages should be updated to the latest versions on Ubuntu 14.04 and 16.04 LTS
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openscap (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
I have asked question about SCAP definitions for Ubuntu in 2014 with no result (see https:/
What we have today:
* OVAL definitions are placed on ubuntu-security (https:/
Expected results:
* User is able to scan system with oscap (from libopenscap1, libopenscap8 packages) against OVAL files.
Actual results:
* Ubuntu 14.04, 16.04 have very old OpenSCAP versions, which do not support OVAL files from ubuntu-security.
* User should compile openscap from git-repository and install it manually (see my comment 27 on https:/
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libopenscap1 (not installed)
ProcVersionSign
Uname: Linux 3.13.0-107-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.15
Architecture: amd64
Date: Mon Jan 23 00:36:03 2017
InstallationMedia: Ubuntu 12.04.4 LTS "Precise Pangolin" - Release amd64 (20140204)
MarkForUpload: True
SourcePackage: openscap
UpgradeStatus: No upgrade log present (probably fresh install)
summary: |
[SRU] OpenSCAP packages should be updated to the latest versions on - Ubuntu 12.04 and 14.04 LTS + Ubuntu 14.04 and 16.04 LTS |
tags: | added: xenial |
description: | updated |
tags: | removed: precise trusty |
Steps to reproduce on Ubuntu 12.04.5 LTS: /people. canonical. com/~ubuntu- security/ oval/com. ubuntu. precise. cve.oval. xml precise. xml --report /tmp/report- precise. html /tmp/com. ubuntu. precise. cve.oval. xml
1. sudo apt-get install libopenscap1 # this will install 0.8.0-4build1
2. cd /tmp
3. wget https:/
4. oscap oval eval --results /tmp/results-
Expected result: precise. xml and /tmp/report- precise. html are produced.
Files /tmp/results-
Actual result: precise. xml and /tmp/report- precise. html are not produced. ubuntu. precise. cve.oval. xml' on line 12: Element '{http:// oval.mitre. org/XMLSchema/ oval-common- 5}schema_version': '5.11.1' is not a valid value of the atomic type 'xs:decimal'. ubuntu. precise. cve.oval. xml' on line 44: Element '{http:// oval.mitre. org/XMLSchema/ oval-common- 5}notes': This element is not expected. Expected is one of ( {http:// oval.mitre. org/XMLSchema/ oval-definition s-5}notes, {http:// oval.mitre. org/XMLSchema/ oval-definition s-5}criteria ). ubuntu. precise. cve.oval. xml' on line 284: Element '{http:// oval.mitre. org/XMLSchema/ oval-definition s-5}extend_ definition' , attribute 'applicability_ check': The attribute 'applicability_ check' is not allowed.
Files /tmp/results-
Got many errors such as
1 1824 In file '/tmp/com.
...
1 1871 In file '/tmp/com.
...
1 1866 In file '/tmp/com.
...
So oscap 0.8.0-4build1 is not compatible with com.ubuntu. precise. cve.oval. xml file.
Solution - build openscap from sources (see my comment 27 on https:/ /answers. launchpad. net/ubuntu/ +source/ openscap/ +question/ 242354).