How to configure proxy for scap-workbench?

Hi, I’ve been trying to set a proxy server for scap-workbench but I have not had any success. It also does not accept the --local-files option. Scratching my head right now as to how to get it to use the remote resources.

Googling has not helped. I’ve tried exporting https_proxy=http://proxy:port and https_proxy=proxy:port but neither have worked.

The documentation does not have any reference to proxy servers.

It’s probably something simple but I’m missing it, so any help would be appreciated! Using curl from the command line with the proxy set I am able to download the bz2 file without issue.

netstat show an attempt to connect directly to a23-32-5-198.deploy.static.akamaitechnologies.com

output is as follows:

14:06:51
info
Downloading: https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml.bz2 … error

14:06:51
error
The ‘oscap’ process has written the following content to stderr: OpenSCAP Error: Download failed: Couldn’t connect to server [/builddir/build/BUILD/openscap-1.3.7/src/common/oscap_acquire.c:405]

14:06:51
error
The ‘oscap’ process has written the following content to stderr: Could not extract scap_org.open-scap_cref_ssg-rhel8-xccdf.xml with all dependencies from datastream. [/builddir/build/BUILD/openscap-1.3.7/src/DS/ds_sds_session.c:228]

14:06:51
error
There was an error during evaluation! Exit code of the ‘oscap’ process was 1.

I’m currently trying on a rhel8.7 machine.

If proxy configuration is not documented, then it is likely not supported.
This is normal as many protocols and applications do not support proxification.

Hmmm ok, yes probably a good point. I’m a little surprised that standard https would not be implemented but if that’s the case it is what it is.

I think I’ll work around it by hosting the file on an internal server and just spoofing the download address with a host entry when I run it. :slight_smile:

edit: ok well that was a bit naive. I guess I should have realized that a security tool would check the validity of the cert :smiley: Looks like I’m going to have to learn how to use the command line for doing the scans, as it has the option for using the file locally.