View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006964 | Rocky-Linux-8 | General | public | 2024-05-31 10:55 | 2024-05-31 13:43 |
Reporter | Yavor Atanasov | Assigned To | Louis Abel | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | suspended | ||
Summary | 0006964: Rocky linux 8/9 oval data contains invalid filepath in the rpmverifyfile_object used to check if the system is Rocky Linux | ||||
Description | Using latest Rocky Linux 8/9 oval data from https://download.rockylinux.org/pub/oval

We have an in-house tool which uses Red Hat's oval data (e.g. https://access.redhat.com/security/data/oval/v2/RHEL9/rhel-9.oval.xml.bz2) to scan our systems for vulnerabilities. We'd like to move to Rocky's oval data. When attempting a scan with Rocky's ovals we get an error at the rpmverifyfile_test which tests that "Rocky Linux must be installed". The test is meant to check whether the system has the following filepath: /etc/rocky-release. However the filepath attribute of rpmverifyfile_object for this test is empty.

Here are the relevant snippets from the rocky 8 oval (the rocky 9 is the same):

The rpmverifyfile_test definition, which points to the problematic object with ref oval:org.rockylinux.rlsa:obj:20234378001:

```xml
<red-def:rpmverifyfile_test check="none satisfy" comment="Rocky Linux must be installed" id="oval:org.rockylinux.rlsa:tst:20234378001" version="1">
  <red-def:object object_ref="oval:org.rockylinux.rlsa:obj:20234378001"/>
  <red-def:state state_ref="oval:org.rockylinux.rlsa:ste:20234378001"/>
</red-def:rpmverifyfile_test>
```

And this is the rpmverifyfile_state definition, which basically checks that the filepath should match the expected pattern:

```xml
<red-def:rpmverifyfile_state id="oval:org.rockylinux.rlsa:ste:20234378001" version="1">
  <red-def:name operation="pattern match">^rocky-release</red-def:name>
</red-def:rpmverifyfile_state>
```

And finally the problematic object:

```xml
<red-def:rpmverifyfile_object id="oval:org.rockylinux.rlsa:obj:20234378001" version="1">
  <red-def:behaviors noconfigfiles="true" noghostfiles="true" nogroup="true" nolinkto="true" nomd5="true" nomode="true" nomtime="true" nordev="true" nosize="true" nouser="true"/>
  <red-def:name operation="pattern match"/>
  <red-def:epoch operation="pattern match"/>
  <red-def:version operation="pattern match"/>
  <red-def:release operation="pattern match"/>
  <red-def:arch operation="pattern match"/>
  <red-def:filepath operation="pattern match"/>
</red-def:rpmverifyfile_object>
```

As you can see, the <red-def:filepath/> tag is empty and it should contain "/etc/rocky-release". For example this is what the Red Hat equivalent oval contains for this same object:

```xml
<red-def:filepath>/etc/redhat-release</red-def:filepath>
```
Tags | oval | ||||
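
A pre-scan check for the condition reported above, as an added example that is not part of the original report or of any Rocky Linux or Red Hat tooling: it lists every rpmverifyfile_object whose filepath entity is empty, together with the tests that depend on it. The function names, the trimmed sample document and the object id `oval:example:obj:999` are constructed for illustration; the other ids are the ones quoted in the report.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the test and object quoted in the report (trimmed), plus
# one made-up object (id ...:999) whose filepath is populated, for contrast.
LINUX_NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"
SAMPLE = f"""<oval_definitions xmlns:red-def="{LINUX_NS}">
  <tests>
    <red-def:rpmverifyfile_test check="none satisfy" comment="Rocky Linux must be installed" id="oval:org.rockylinux.rlsa:tst:20234378001" version="1">
      <red-def:object object_ref="oval:org.rockylinux.rlsa:obj:20234378001"/>
      <red-def:state state_ref="oval:org.rockylinux.rlsa:ste:20234378001"/>
    </red-def:rpmverifyfile_test>
  </tests>
  <objects>
    <red-def:rpmverifyfile_object id="oval:org.rockylinux.rlsa:obj:20234378001" version="1">
      <red-def:name operation="pattern match"/>
      <red-def:filepath operation="pattern match"/>
    </red-def:rpmverifyfile_object>
    <red-def:rpmverifyfile_object id="oval:example:obj:999" version="1">
      <red-def:filepath>/etc/redhat-release</red-def:filepath>
    </red-def:rpmverifyfile_object>
  </objects>
</oval_definitions>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def empty_filepath_objects(oval_xml):
    """Return [(object_id, [(test_id, comment), ...])] for rpmverifyfile_objects
    whose filepath entity is present but carries neither text nor a var_ref."""
    root = ET.fromstring(oval_xml)  # parse feeds only from a source you trust
    users = {}  # object id -> tests that reference it (shows scan impact)
    for el in root.iter():
        if local(el.tag) == "rpmverifyfile_test":
            for child in el:
                if local(child.tag) == "object":
                    users.setdefault(child.get("object_ref"), []).append(
                        (el.get("id"), el.get("comment")))
    findings = []
    for el in root.iter():
        if local(el.tag) != "rpmverifyfile_object":
            continue
        for c in el:
            empty = not (c.text or "").strip() and c.get("var_ref") is None
            if local(c.tag) == "filepath" and empty:
                findings.append((el.get("id"), users.get(el.get("id"), [])))
                break
    return findings

if __name__ == "__main__":
    print(empty_filepath_objects(SAMPLE))
```

Matching on local tag names keeps the check independent of which prefix a given OVAL file binds to the Linux definitions namespace.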
Date Modified | Username | Field | Change |
---|---|---|---|
2024-05-31 10:55 | Yavor Atanasov | New Issue | |
2024-05-31 10:55 | Yavor Atanasov | Tag Attached: oval | |
2024-05-31 13:43 | Louis Abel | Assigned To | => Louis Abel |
2024-05-31 13:43 | Louis Abel | Status | new => closed |
2024-05-31 13:43 | Louis Abel | Resolution | open => suspended |
2024-05-31 13:43 | Louis Abel | Note Added: 0007265 |