[Open-scap] Issues with open-scap 0.9.1 and 0.9.2 on RHEL6 (UNCLASSIFIED)

[Shawn Wells]

On 11/20/12 2:42 PM, Simon Lukasik wrote:
> On 11/20/2012 07:20 PM, Shawn Wells wrote:
>> >Question: In the 0.9.2 release note [1] it was mentioned that the --cpe
>> >option autodetects what CPE dictionary to use. I haven't been able to
>> >explore the 0.9.2 release yet, however will that solve this issue?
>> >Specifically since the SSG content follows a standard ssg-rhel6-{xccdf
>> >cpe oval}.xml naming scheme will OpenSCAP 0.9.2 pickup the CPE file?
>> >
> No, I am afraid.
>
> Autodect means that oscap tool (automatically) recognize version of
> given dictionary (the --cpe argument). In some of the previous versions
> you have had to use different arguments for different CPE versions.
>
> And regarding filenames you've mentioned: .*-{xccdf,cpe,oval}.xml -- is
> this really a standard file-naming scheme or is it just commonly used?
> Currently, there is no consensus amongst developers whether the oscap
> command-line tool shall try to guess filenames or not. And I believe it
> should not.
>
> Although, patches are always welcome. :)

IIRC the documented naming scheme is similar to the following, which is 
why we chose it. The stuff before {cpe oval etc} doesn't matter, as long 
as it's the same.

$contentString-{xccdf oval patches cpe-dictionary cpe-oval}.xml

I'm going to have to read through the SCAP version specs to see if I'm 
full of crap or not. Will respond back later with a reference.... if I 
indeed am not making this up. I seem to recall this from the SCAP 1.0 spec.