
group.of.nepali.translators team mailing list archive

[Bug 1782031] Re: [SRU][xenial] Enable SCE option and systemd probe in libopenscap8

 

This bug was fixed in the package openscap - 1.2.8-1ubuntu0.1

---------------
openscap (1.2.8-1ubuntu0.1) xenial; urgency=medium

  * Enable both systemd probes and SCE. (LP: #1782031)
    - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852826
    - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853995

 -- Joy Latten <joy.latten@xxxxxxxxxxxxx>  Mon, 16 Jul 2018 17:05:18 -0500

** Changed in: openscap (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1782031

Title:
  [SRU][xenial] Enable SCE option and systemd probe in libopenscap8

Status in openscap package in Ubuntu:
  Fix Released
Status in openscap source package in Xenial:
  Fix Released
Status in openscap source package in Bionic:
  Fix Released
Status in openscap package in Debian:
  Fix Released

Bug description:
  [Impact]

  Canonical security certification team is automating Ubuntu specific
  security hardening guides using Security Content Automation Protocol
  (SCAP). SCAP requires Open Vulnerability and Assessment Language
  (xccdf and xml) to implement SCAP content.

  The openSCAP implementation processes SCAP content, but has been
  extended to also process python and bash scripts via a Script Check
  Engine (SCE). This ability to process bash and python scripts is
  needed because OVAL is somewhat limited in what it can do. We have had
  to write a few python and bash scripts.

  SCE is not enabled by default, and will require the addition of the
  "--enable-sce" option in the "debian/rules" file to turn it on.

  There are security hardening rules for systemd. There is also OVAL
  schema implemented as "probes" in openSCAP. The systemd probe to be
  enabled requires libdbus-1-dev during build. This would be set in the
  debian/control file.

  The attached patch has all the necessary code changes.

  These 2 changes were made in more current versions of libopenscap8 in
  Debian as indicated above. As a result, Artful, Bionic and Cosmic also
  have these changes. The automation we are working on is required for
  Xenial though.

  [Test Case]

  1. Run the command "oscap --v"; you should see the following with the
  SCE option enabled:

     ==== Capabilities added by auto-loaded plugins ====
     SCE Version: 1.0 (from libopenscap_sce.so.8)

  without the SCE option enabled, the list of plugins is empty.

  Also, you should see under "==== Supported OVAL objects and associated
  OpenSCAP probes ===="

  systemdunitproperty          probe_systemdunitproperty   
  systemdunitdependency        probe_systemdunitdependency 

  
  2. The second testcase requires running our SCAP content and verifying that those rules using scripts are run and those rules using systemd probes are run.

  
  [Regression Potential]

  The regression potential should be small. The changes proposed enable
  new functionality that is already included in the source package, and
  do not change the behavior of existing functionality.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1782031/+subscriptions
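
The check from test case 1 as a script. This is an added example, not part of the original bug report or of openscap itself. The function name missing_caps and both sample outputs are constructed for illustration; only the marker lines are taken from the report.

```shell
#!/bin/sh
# missing_caps: read `oscap --v` output on stdin, print one line per
# capability from the test case that is absent, and return non-zero
# if anything is missing. A marker only counts inside its own section.
missing_caps() {
    awk '
        /^==== .* ====/ { section = $0; next }   # remember the current section header
        section ~ /Capabilities added by auto-loaded plugins/ && /^SCE Version:/ { sce = 1 }
        section ~ /Supported OVAL objects and associated OpenSCAP probes/ {
            # each row is "<OVAL object>  <probe name>"
            if ($1 == "systemdunitproperty"   && $2 == "probe_systemdunitproperty")   prop = 1
            if ($1 == "systemdunitdependency" && $2 == "probe_systemdunitdependency") dep = 1
        }
        END {
            if (!sce)  print "SCE plugin"
            if (!prop) print "systemdunitproperty probe"
            if (!dep)  print "systemdunitdependency probe"
            exit !(sce && prop && dep)
        }'
}

# Constructed sample: build with SCE and the systemd probes enabled.
FIXED_OUTPUT='==== Capabilities added by auto-loaded plugins ====
SCE Version: 1.0 (from libopenscap_sce.so.8)

==== Supported OVAL objects and associated OpenSCAP probes ====
systemdunitproperty          probe_systemdunitproperty
systemdunitdependency        probe_systemdunitdependency'

# Constructed sample: build without them (plugin list is empty).
UNFIXED_OUTPUT='==== Capabilities added by auto-loaded plugins ====

==== Supported OVAL objects and associated OpenSCAP probes ====
textfilecontent54            probe_textfilecontent54'

# Demo on the constructed samples; on a real host use: oscap --v | missing_caps
printf '%s\n' "$FIXED_OUTPUT" | missing_caps && echo "fixed sample: all present"
printf '%s\n' "$UNFIXED_OUTPUT" | missing_caps || echo "unfixed sample: items above are missing"
```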