Allow --oval-results for usg audit

[Theoderich]

The oscap xccdf eval command used internally by the usg audit command supports the very handy --oval-results flag. When activated, the generated report includes more detailed information about failed checks, for example which files violated a rule. This information is useful when fixing existing audit problems. The Flag is described in the openSCAP User manual.

The usg audit command currently doesn't support using the --oval-results flag. Since the data obtained by using the flag is useful but also potentially sensitive, I propose adding a flag to the ua audit command for optionally enabling --oval-results. Another possible approach would be allowing the ua audit command to pass arbitrary flags to the underlying oscap command, potentially fixing similar problems like this one.

[renanrodrigo]

Hello, @Theoderich , thanks for raising this issue.

The Ubuntu Advantage Client gives you access to the usg command and to the related tools and audits. There is no such thing as ua audit (maybe that was a typo, and you meant usg audit like above).

The usg package is maintained by the Ubuntu Security Team. Given that, I'd suggest that you open this bug in https://bugs.launchpad.net/ubuntu-security-certifications. There they will be able to help.

[Theoderich]

Hi @renanrodrigo, thanks for the info. Yes I meant the usg audit command. I have opened a bug with the Ubuntu Security Team like you suggested. Thank you.