Re: Update openscap-daemon

To: Raphael Hertzog <hertzog@debian.org>, debian-security-tools@lists.debian.org, Philippe Thierry <phil@reseau-libre.net>
Cc: pollux@debian.org
Subject: Re: Update openscap-daemon
From: phil@reseau-libre.net
Date: Thu, 03 May 2018 09:53:00 +0200
Message-id: <[🔎] b59c788fcc8843859dc144e0c6a74f6e@reseau-libre.net>
Reply-to: phil@reseau-libre.net
In-reply-to: <20180426211341.GA8178@home.ouaza.com>
References: <20180426211341.GA8178@home.ouaza.com>

Hello Raphaël,

I took a look on the bug. The problem is that there is no morecpe-oval.xml file in libopenscap8.The /usr/share/openscap/cpe/ dir is empty, only keeping a READMEexplaining the following:


--------------[snip]------------------

This folder contains the default CPE dictionary and its associated OVALfile.


The CPE names inside are taken from official CPE dictionary found at
https://nvd.nist.gov/cpe.cfm with the following exceptions:

1) cpe:/o:redhat:enterprise_linux:6 (adapted from RHEL5 CPE name)

2) cpe:/o:fedoraproject:fedora:16 (taken from CPE_NAME in/etc/os-release on F16)3) cpe:/o:fedoraproject:fedora:17 (taken from CPE_NAME in/etc/os-release on F17)

--------------[snip]------------------

I dunno what is the best way to correct this, as openscap-daemon doesnot host a default CPE file in its sources. I'll discuss a little withPierre if there is a way to get back a CPE file from libopenscap8 ornot.The other way is to update the README.Debian in order to get back anofficial CPE XML file from the NIST website.The last way would be to require scap-security-guide (at least ssg-coreand one of others binary packages) to get back cpe files, but I'm notfan of that last possibility as there is not always a real reason todeploy this package on the computer/VM/container hosting oscapd.

Pierre : Can you confirm that there is no more CPE oval file distributedwith libopenscap in any way ?


Cheers,

On 2018-04-26 23:13, Raphael Hertzog wrote:

Hello Philippe,
I have prepared an update of the package in the git repository to fixtheRC bug and to switch to a new upstream release. But I noticed at thesame time
that the autopkgtests are not working currently.

I think the problem boils down to a bad default configuration:
Apr 26 20:57:57 debian oscapd[2615]: RuntimeError: Path
'/usr/share/openscap/cpe/openscap-cpe-oval.xml' given for the cpe-oval
file (config file entry: CPE OVAL) doesn't exist.
Can you look into fixing this so that we can release the updatedpackage?
Are you getting the bug reports on the package ? If not, pleasesubscribe to
it on https://tracker.debian.org/pkg/openscap-daemon

Thank you.


--
Philippe.

Reply to:

Follow-Ups:
- Re: Update openscap-daemon
  - From: Pierre Chifflier <pollux@debian.org>

Prev by Date: Re: new version of wifite
Next by Date: Re: Update openscap-daemon
Previous by thread: Re: Sponsor for grokevt [fixes FTBFS]
Next by thread: Re: Update openscap-daemon
Index(es):
- Date
- Thread