OSCAP command fails to evaluate on RHEL6 client machines after update of scap-security-guide if remote resource not available
Issue
-
With the RHEL7.8 version of scap-security-guide-0.1.46-11.el7.noarch, the scan of a RHEL6 server fails with:
oscap-ssh root@192.168.122.224 22 xccdf eval --results /rhel6_test.xml --report ./report.html /usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml Connecting to 'root@192.168.122.224' on port '22'... Red Hat Enterprise Linux Server release 6.9 (Santiago) Kernel \r on an \m root@192.168.122.224's password: Connected! Copying input file '/usr/share/xml/scap/ssg/content/ssg-rhel6-ds.xml' to remote working directory '/tmp/tmp.O6dJ5ejSnY'... ssg-rhel6-ds.xml 100% 18MB 7.3MB/s 00:02 Starting the evaluation... WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL6.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL6.xml.bz2'. Use '--fetch-remote-resources' option to download it. WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL6.xml.bz2' file which is referenced from datastream OpenSCAP Error: Could not extract scap_org.open-scap_cref_ssg-rhel6-xccdf-1.2.xml with all dependencies from datastream. [ds_sds_session.c:211] oscap exit code: 1 Copying back requested files... scp: /tmp/tmp.O6dJ5ejSnY/results.xml: No such file or directory Failed to copy the results file back to local machine!
-
It works with
--fetch-remote-resources
option, but not if the resource is not downloadable (server not connected to internet for example).
Environment
- RHEL 6 - 7
- oscap
- scap-security-guide version 0.1.46-11
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.