How to execute oscap rules requiring remote resources when the system has no access to

Solution Verified - Updated -


  • My system has no access to the Internet, preventing me from executing rules requiring remote resources, as shown in the example below when scanning a RHEL8 system

    # oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
    WARNING: Datastream component '' points out to the remote ''. Use '--fetch-remote-resources' option to download it.
    WARNING: Skipping '' file which is referenced from datastream
    WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml file which is referenced from XCCDF content
    Title   Ensure Software Patches Installed
    Rule    xccdf_org.ssgproject.content_rule_security_patches_up_to_date
    Ident   CCE-80865-9
    Result  notchecked


  • Red Hat Enterprise Linux 7 and later
    • oscap
    • offline systems

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content