** Also affects: openscap (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: openscap (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: openscap (Ubuntu Bionic)
       Status: New => Fix Released

** Changed in: openscap (Ubuntu)
       Status: Confirmed => Fix Released

** Changed in: openscap (Ubuntu Xenial)
       Status: New => Confirmed

https://bugs.launchpad.net/bugs/1782031

Title:
  [SRU][xenial] Enable SCE option and systemd probe in libopenscap8

Status in openscap package in Ubuntu:
  Fix Released
Status in openscap source package in Xenial:
  Confirmed
Status in openscap source package in Bionic:
  Fix Released
Status in openscap package in Debian:
  Fix Released

Bug description:
  [Impact]

  Canonical security certification team is automating Ubuntu specific
  security hardening guides using Security Content Automation Protocol
  (SCAP). SCAP requires Open Vulnerability and Assessment Language
  (xccdf and xml) to implement SCAP content. The openSCAP implementation
  processes SCAP content, but has been extended to also process python
  and bash scripts via a Script Check Engine (SCE). This ability to
  process bash and python scripts is needed because OVAL is somewhat
  limited in what it can do. We have had to write a few python and bash
  scripts. SCE is not enabled by default, and will require the addition
  of the "--enable-sce" option in the "debian/rules" file to turn it on.

  There are security hardening rules for systemd. There is also OVAL
  schema implemented as "probes" in openSCAP. The systemd probe to be
  enabled requires libdbus-1-dev during build. This would be set in the
  debian/control file.

  The attached patch has all the necessary code change.

  These 2 changes were made in more current versions of libopenscap8 in
  Debian as indicated above. As a result, Artful, Bionic and Cosmic also
  have these changes. The automation we are working on is required for
  Xenial though.
  [Test Case]

  1. run the command "oscap --v", and should see following

  with SCE option enabled,

  ==== Capabilities added by auto-loaded plugins ====
  SCE Version: 1.0 (from libopenscap_sce.so.8)

  without the SCE option enabled, the list of plugins is empty.

  Also, should see under "==== Supported OVAL objects and associated
  OpenSCAP probes ===="

  systemdunitproperty         probe_systemdunitproperty
  systemdunitdependency       probe_systemdunitdependency

  2. The second testcase requires running our SCAP content and verifying
  that those rules using scripts are run and those rules using systemd
  probes are run.

  [Regression Potential]

  The regression potential should be small. The changes proposed enable
  new functionality that is already included in the source package, and
  does not change the behavior of existing functionality.
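
The first test case can be scripted so that a rebuilt package is checked the same way every time. The following is an added example, not part of the bug report or of the openscap package: `check_oscap_caps`, `sample_enabled` and `sample_disabled` are hypothetical names, and both sample outputs are constructed from the lines quoted in the test case (the `family` probe line is filler).

```shell
#!/bin/sh
# Reads `oscap --v` output on stdin; returns 0 only if the SCE plugin and
# both systemd probes appear under the section headers quoted in the test case.
check_oscap_caps() {
    awk '
        /^==== .* ====$/ { section = $0; next }   # remember the current section
        section ~ /Capabilities added by auto-loaded plugins/ &&
            $1 == "SCE" && $2 == "Version:" { sce = 1 }
        section ~ /Supported OVAL objects/ {
            if ($1 == "systemdunitproperty" && $2 == "probe_systemdunitproperty") prop = 1
            if ($1 == "systemdunitdependency" && $2 == "probe_systemdunitdependency") dep = 1
        }
        END {
            if (!sce)  print "MISSING: SCE plugin (built without --enable-sce?)"
            if (!prop) print "MISSING: systemdunitproperty probe"
            if (!dep)  print "MISSING: systemdunitdependency probe"
            exit !(sce && prop && dep)
        }'
}

# Constructed sample: build with SCE and the systemd probes enabled.
sample_enabled() {
    cat <<'EOF'
==== Capabilities added by auto-loaded plugins ====
SCE Version: 1.0 (from libopenscap_sce.so.8)

==== Supported OVAL objects and associated OpenSCAP probes ====
family                      probe_family
systemdunitproperty         probe_systemdunitproperty
systemdunitdependency       probe_systemdunitdependency
EOF
}

# Constructed sample: empty plugin list and no systemd probes.
sample_disabled() {
    cat <<'EOF'
==== Capabilities added by auto-loaded plugins ====

==== Supported OVAL objects and associated OpenSCAP probes ====
family                      probe_family
EOF
}

sample_enabled  | check_oscap_caps && echo "enabled build: all capabilities present"
sample_disabled | check_oscap_caps || echo "disabled build: rejected"
```

On a system with the package installed, pipe the real output into the function: `oscap --v | check_oscap_caps`.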