Is Ubuntu 24.04 supported? Problem using `oscap xccdf generate`

[brendanbeck62]

Description of Problem:

There seems to be conflicting documentation about where/how to install on Ubuntu 24.04, and if it is even supported. I found that the name of the package changed from libopenscap8 to openscap-scanner here: https://github.com/OpenSCAP/openscap/blob/main/docs/manual/manual.adoc. But on the main website, it still states libopenscap8 is the package to install (https://www.open-scap.org/tools/openscap-base/#download).

I am looking into this because when attempting to generate a hardening script based on the new Ubuntu 24.04 benchamrks released by CISCAT, and getting FIX FOR THIS RULE <rule_name> IS MISSING! for every rule. Trying to figure out whether it's a bug in the benchmark files or in Oscap.

OpenSCAP Version:

OpenSCAP command line tool (oscap) 1.3.9
Copyright 2009--2023 Red Hat Inc., Durham, North Carolina.

==== Supported specifications ====
SCAP Version: 1.3
XCCDF Version: 1.2
OVAL Version: 5.11.1
CPE Version: 2.3
CVSS Version: 2.0
CVE Version: 2.0
Asset Identification Version: 1.1
Asset Reporting Format Version: 1.1
CVRF Version: 1.1

Operating System & Version:

Ubuntu 24.04

Steps to Reproduce:

$ sudo apt install openscap-scanner
$ oscap xccdf generate --verbose DEVEL --verbose-log-file out.out --profile xccdf_org.cisecurity.benchmarks_profile_Level_1_-_Server fix --fix-type bash --output harden.sh Assessor/benchmarks/CIS_Ubuntu_Linux_20.04_LTS_Benchmark_v2.0.1-xccdf.xml

Actual Results:

script full of FIX FOR THIS RULE <rule_name> IS MISSING! for every rule

Expected Results:

a valid hardening script.

[Mab879]

Based on my quick glance at the XCCDF file, OpenSCAP is correct there is no fix for the rule. There is fix text, which appears the bash remediation script formatted in HTML, but no actual fix that OpenSCAP can use to create a remediation script.