Este contenido no está disponible en el idioma seleccionado.

7.145. openscap


Updated openscap packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
OpenSCAP is an open source project, which enables integration of the Security Content Automation Protocol (SCAP) line of standards. SCAP is a line of standards managed by the National Institute of Standards and Technology (NIST). It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying presence of patches, checking system security configuration settings, and examining systems for signs of compromise.

Note

The openscap packages have been upgraded to upstream version 1.0.10, which provides a number of bug fixes and enhancements over the previous version. Updated version is fully API/ABI compatible with 1.0.x version which has been certified by the National Institute of Standards and Technology (NIST). (BZ#1152599)

Bug Fixes

BZ#1036741
Previously, the has_extended_acl feature was missing in the scripts that build OpenSCAP, which caused the OpenSCAP auditing tool to be unable to assess extended file system properties. This update fixes the build process of OpenSCAP to include has_extended_acl, and OpenSCAP is now again able to assess extended file system properties as intended.
BZ#1092013
When the Extensible Configuration Checklist Description Format (XCCDF) input content included an instruction to use a certain XCCDF variable with an undefined variable value, the OpenSCAP scanner could crash. With this update, the NULL pointer causing this bug is handled correctly when binding the XCCDF value to the OVAL variable, and the security scan now proceeds smoothly.
BZ#1192428
The OVAL standard requires that the var_check content XML attribute be included within any XML elements that have the var_ref attribute, which the OpenSCAP scanner did not always observe. As a consequence, the schematron validation of OVAL results returned a warning message to the user. The OVAL module has been fixed to export var_check explicitly whenever exporting var_ref, and the schematron validation now passes as expected.

Enhancement

BZ#1115114
To keep the installed package set to the minimum, the number of package dependencies of the OpenSCAP auditing tool has been reduced. With this update, the oscap tool is shipped within the newly created openscap-scanner package and the openscap-utils package remains to include miscellaneous tools. Users are advised to remove openscap-utils, if they no longer need other utilities except for the scanner.
Users of openscap are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.