How to execute oscap rules requiring remote resources when the system has no access to www.redhat.com
Issue
-
My system has no access to the Internet, preventing me from executing rules requiring remote resources, as shown in the example below when scanning a RHEL8 system
# oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_stig --rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml WARNING: Datastream component 'scap_org.open-scap_cref_security-data-oval-com.redhat.rhsa-RHEL8.xml' points out to the remote 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml'. Use '--fetch-remote-resources' option to download it. WARNING: Skipping 'https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml' file which is referenced from datastream WARNING: Skipping ./security-data-oval-com.redhat.rhsa-RHEL8.xml file which is referenced from XCCDF content Title Ensure Software Patches Installed Rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date Ident CCE-80865-9 Result notchecked
Environment
- Red Hat Enterprise Linux 7 and later
- oscap
- offline systems
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.