Question on importing latest RHEL7 Benchmark #36

Open
kruzapalooza opened this issue Mar 1, 2022 · 0 comments

We are having an issue running the latest RHEL7 Benchmark out of our Satellite Server 6.10 (which uses OpenSCAP). Specifically, Satellite 6.10 now requires a Benchmark with the "xmlns:ds" namespace key in it, which the current SCAP 1.2 Benchmark doesn't have. It appears OpenSCAP made this change upstream a while ago (OpenSCAP:master from xprazak2:validate-formats on Aug 7, 2019), but only starting in 6.10's suite did it start enforcing it and giving an "import error" without it. Red Hat help desk said...

"Datastream contains a "data-stream-collection" namespace and contains a key named "xmlns:ds" then it's a valid file otherwise it would be invalid."

Is there a conversion or workaround (possibly a SCAP 1.2 -> 1.3 converter) so the current RHEL7 Benchmark would be compatible with Satellite Server 6.10 which we are required to use starting this month? Without it, our ability to scan several hundred Linux workstations managed under Satellite will be significantly impaired.

r/ Marc



| Case Information |

https://access.redhat.com/support/cases/#/case/03149735
Case Title : Error importing latest DISA Benchmark.xml files to run SCAP / Foreman scan
Case Number : 03149735
Case Open Date : 2022-02-14 16:19:27
Severity : 3 (Normal)
Problem Type : Defect / Bug
Product : Red Hat Satellite
Version : 6.10

Most recent comment: On 2022-02-17 08:20:57, Das, Satyajit commented:
"Hello Team,

I have an update from the internal team,

The reason the import is failing as the validation parameters are changed and this is due to the upstream PR https://github.com/OpenSCAP/openscap_parser/pull/5.

As I read from this PR, we validate the Datastream file based on the namespace and keys. If your Datastream contains a "data-stream-collection" namespace and contains a key named "xmlns:ds" then it's a valid file otherwise it would be invalid.

The file that you uploaded here doesn't contain this, so it throws the error "Invalid SCAP file type".

```
grep xmlns:ds /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
<ds:data-stream-collection xmlns:cat="urn:oasis:names:tc:entity:xmlns:xml:catalog" xmlns:cpe-dict="http://cpe.mitre.org/dictionary/2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:ds="http://scap.nist.gov/schema/scap/source/1.2" xmlns:html="http://www.w3.org/1999/xhtml" xmlns:ind="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" xmlns:linux="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux" xmlns:ocil="http://scap.nist.gov/schema/ocil/2.0" xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5" xmlns:oval-def="http://oval.mitre.org/XMLSchema/oval-definitions-5" xmlns:unix="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="scap_org.open-scap_collection_from_xccdf_ssg-rhel8-xccdf-1.2.xml" schematron-version="1.3">
```

This is the Datastream we ship for RHEL7 and you can see in the above we have a key named "xmlns:ds" available.

Still checking with the Engineering team for a workaround, you can also check with external vendor and ask if it is possible to regenerate the DS file with the new standard.

Regards,
Satyajit Das
Red Hat Global Support

Red Hat Satellite 6.10 was released on 16th November 2021 and Red Hat Satellite 6.7 has reached EOL on 30th November 2021, plan the upgrade soon if not done yet.
For more details related to Red Hat Satellite Product Life Cycle, refer to Red Hat Satellite Product Life Cycle

https://access.redhat.com/support/cases/#/case/03149735?commentId=a0a2K00000eOkIqQAK


A comment has been added to the case.


To ensure the best support experience possible, please note the following:

  • Replying to this email should result in your comments being added to the case. However, we suggest adding comments to the case directly via the Customer Portal in case the email fails.
  • When replying to this email, do not change the subject.
  • Check to make sure you are replying to case emails from the email address that is listed as the case contact.
  • Attachments cannot be added to a case via email. Attachments must be uploaded to a case directly.

Supporting success. Exceeding expectations.

Red Hat Support on Social Media: https://access.redhat.com/social/
Red Hat Customer Portal Discussions: https://access.redhat.com/discussions/
Red Hat Access Labs: https://access.redhat.com/labs/

If you need immediate assistance, please refer to https://access.redhat.com/support/contact/technicalSupport/


ref:_00DA0HxWH._5002K11fnPr:ref"

https://access.redhat.com/support/cases/#/case/03149735?commentId=a0a2K00000eYeP2QAK


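Added example, not part of the issue and not code from openscap_parser or Satellite: a Python pre-import check that reads only the root element of a SCAP file and reports whether it is a source data stream collection and whether it declares the literal `xmlns:ds` key the support comment describes. It goes one step beyond the quoted rule by also reporting a data stream whose namespace is bound to a different prefix; the verdict names and sample documents are constructed, and treating the `ds` prefix as the pass condition is an assumption taken from the quoted description.

```python
import io
import xml.etree.ElementTree as ET

# SCAP source data stream namespace, copied from the grep output quoted above.
SDS_NS = "http://scap.nist.gov/schema/scap/source/1.2"

# Constructed sample roots (not real benchmark content).
SAMPLE_DS_PREFIX = (b'<ds:data-stream-collection xmlns:ds="' + SDS_NS.encode() +
                    b'" id="scap_example_collection" schematron-version="1.3"/>')
SAMPLE_DEFAULT_NS = (b'<data-stream-collection xmlns="' + SDS_NS.encode() +
                     b'" id="scap_example_collection" schematron-version="1.2"/>')
SAMPLE_XCCDF = b'<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_example_benchmark_test"/>'


def classify_scap_file(xml_bytes):
    """Return (verdict, detail) from the root element only; verdict names are made up here."""
    prefixes, root_tag = {}, None
    try:
        # start-ns events for the root's xmlns declarations arrive before its start
        # event, so we stop at the root and never parse the (large) benchmark body.
        for event, data in ET.iterparse(io.BytesIO(xml_bytes), events=("start-ns", "start")):
            if event == "start-ns":
                prefixes[data[0]] = data[1]      # prefix ('' = default) -> URI
            else:
                root_tag = data.tag              # '{uri}local' or 'local'
                break
    except ET.ParseError as exc:
        return ("not-xml", str(exc))
    ns, _, local = root_tag[1:].partition("}") if root_tag.startswith("{") else ("", "", root_tag)
    if ns != SDS_NS or local != "data-stream-collection":
        return ("not-datastream", f"root is {local!r} in namespace {ns!r}")
    if prefixes.get("ds") == SDS_NS:
        return ("datastream-with-ds-prefix", "root declares xmlns:ds")
    bound = sorted(p or "(default)" for p, uri in prefixes.items() if uri == SDS_NS)
    return ("datastream-without-ds-prefix", "namespace bound to " + ", ".join(bound))


if __name__ == "__main__":
    for name, doc in [("ds-prefixed", SAMPLE_DS_PREFIX), ("default-ns", SAMPLE_DEFAULT_NS),
                      ("bare XCCDF", SAMPLE_XCCDF)]:
        print(name, "->", classify_scap_file(doc))
```
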
