Hi Fen, On RHEL7 you can build OpenSCAP 1.3.3 from source code. Check [1] for instructions. Unfortunately, RHEL 7 won't ship OpenSCAP 1.3.x as a RPM package, because OpenSCAP 1.3.x isn't API compatible with the 1.2.x versions.
But, OpenSCAP and SSG in RHEL7 should work together. There was a fix [2] in RHEL7 for OpenSCAP to work with SCAP 1.3 data streams. Can you tell us how your scans are broken? Regards [1] https://github.com/OpenSCAP/openscap/blob/maint-1.3/docs/developer/developer.adoc#building-openscap-on-linux [2] https://bugzilla.redhat.com/show_bug.cgi?id=1709423 On Mon, May 4, 2020 at 5:06 AM Fen Labalme <fen.laba...@civicactions.com> wrote: > > Awesome - great work - thank you! > > Is there an easy way to have 1.3.x installed on RHEL/7 instances? Yum is > installing 1.2.17 and since (the default) SSG 0.1.46 is now defaulting to 1.3 > data streams, my scans are broken. > > Thanks again! > =Fen > > CivicActions Inc. | Making Compliance Secure > +1.412.996.4113 | civicactions.com > > > On Sun, May 3, 2020 at 3:38 PM Evgeny Kolesnikov <ekole...@redhat.com> wrote: >> >> Hello! >> >> We are proud to announce the OpenSCAP release 1.3.3. This release is >> based on the main-1.3 branch, and it is backward-compatible >> with 1.3.x releases. >> >> Notable improvements in this release: >> - a Python script that can be used for CLI tailoring (autotailor) >> (thank you, Matěj Týč); >> - timezone for XCCDF TestResult start and end time (thank you, Jan Černý); >> - new yamlfilecontent independent probe (draft implementation), >> see the proposal https://github.com/OVAL-Community/OVAL/issues/91 >> for additional information. >> >> There are other changes as well, here is the list: >> - Introduced `urn:xccdf:fix:script:kubernetes` fix type in XCCDF; >> - Added ability to generate `machineconfig` fix; >> - Detect ambiguous scan target (utils/oscap-podman); >> - Fixed #170: The rpmverifyfile probe can't verify files from '/bin' >> directory; >> - The data system_info probe return for offline and online modes is >> consistent and actual; >> - Prevent crashes when complicated regexes are executed in >> textfilecontent58 probe; >> - Fixed #1512: Severity refinement lost in generated guide; >> - Fixed #1453: Pointer lost in Swig API; >> - Evaluation Characteristics of the XCCDF report are now consistent >> with OVAL entities; >> from system_info probe; >> - Fixed filepath pattern matching in offline mode in textfilecontent58 probe; >> - Fixed infinite recursion in systemdunitdependency probe; >> - Fixed the case when CMake couldn't find libacl or xattr.h. >> >> Also thanks to all our contributors, who helped to make this release. >> >> Download: >> https://github.com/OpenSCAP/openscap/archive/1.3.3.tar.gz >> >> SHA512: >> e230668cdf900a2f31ccabc20787dce6c4174740aa7d2cc7b91c1c095e2a5b73d81bb614aa767d2e51383b5472def360c4204e9a6c4c85110c58b9999566613e >> >> Enjoy! >> >> On behalf of OpenSCAP contributors >> >> Evgenii Kolesnikov, >> Red Hat, Inc. >> >> >> _______________________________________________ >> Open-scap-list mailing list >> Open-scap-list@redhat.com >> https://www.redhat.com/mailman/listinfo/open-scap-list > > _______________________________________________ > Open-scap-list mailing list > Open-scap-list@redhat.com > https://www.redhat.com/mailman/listinfo/open-scap-list -- Jan Černý Security Technologies | Red Hat, Inc. _______________________________________________ Open-scap-list mailing list Open-scap-list@redhat.com https://www.redhat.com/mailman/listinfo/open-scap-list
