Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

7.145. openscap


Updated openscap packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
OpenSCAP is an open source project, which enables integration of the Security Content Automation Protocol (SCAP) line of standards. SCAP is a line of standards managed by the National Institute of Standards and Technology (NIST). It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

Note

The openscap packages have been upgraded to upstream version 1.0.10, which provides a number of bug fixes and enhancements over the previous version. Updated version is fully API/ABI compatible with 1.0.x version which has been certified by the National Institute of Standards and Technology (NIST). (BZ#1152599)

Bug Fixes

BZ#1036741
Previously, the has_extended_acl feature was missing in the scripts that build OpenSCAP, which caused the OpenSCAP auditing tool to be unable to assess extended file system properties. This update fixes the build process of OpenSCAP to include has_extended_acl, and OpenSCAP is now again able to assess extended file system properties as intended.
BZ#1092013
When the Extensible Configuration Checklist Description Format (XCCDF) input content included an instruction to use a certain XCCDF variable with an undefined variable value, the OpenSCAP scanner could crash. With this update, the NULL pointer causing this bug is handled correctly when binding the XCCDF value to the OVAL variable, and the security scan now proceeds smoothly.
BZ#1192428
The OVAL standard requires that the var_check content XML attribute be included within any XML elements that have the var_ref attribute, which the OpenSCAP scanner did not always observe. As a consequence, the schematron validation of OVAL results returned a warning message to the user. The OVAL module has been fixed to export var_check explicitly whenever exporting var_ref, and the schematron validation now passes as expected.

Enhancement

BZ#1115114
To keep the installed package set to the minimum, the number of package dependencies of the OpenSCAP auditing tool has been reduced. With this update, the oscap tool is shipped within the newly created openscap-scanner package and the openscap-utils package remains to include miscellaneous tools. Users are advised to remove openscap-utils, if they no longer need other utilities except for the scanner.
Users of openscap are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.