2

I'm using the Red Hat CVE reports to run OVAL scans against CentOS 7. I'm trying to understand if the results are accurate, or if I should be doing it differently. If I run an OVAL report like this:

wget https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2

bunzip2 com.redhat.rhsa-RHEL7.xml.bz2

oscap oval eval --results rhsa-results-oval.xml --report ${HTMLPATH}/myreport.html com.redhat.rhsa-RHEL7.xml

The results are all 'false', meaning that nothing is unpatched.

What also gives me pause is that there are no "unknown" results, which I'd expect if some packages partially matched.

I've looked at the definitions and don't understand what it's doing. I think the match patterns might or might not match Cent packages, depending on how the search is done.

Can someone tell me definitively if I'm doing this wrong?

J Adams
  • Meant to add that I've looked at the results XML, and it *appears* that many tests match against packages, but I'm not sure that I'm reading those correctly. – J Adams Jul 24 '18 at 15:01
  • https://oval.cisecurity.org/repository/download – chicks Jul 26 '18 at 13:43

2 Answers

2

This is one of the differences between RHEL and CentOS. Red Hat OVALs are not applicable to CentOS systems.

Jan Cerny
0

Try this configuration file instead: https://oval.cisecurity.org/repository/download/5.11.2/vulnerability/centos_linux_7.xml

It works with a fresh CentOS 7 for me.

wazoox
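For reading the results XML that the question's follow-up comment mentions, here is an added example (not code from the posts above or from OpenSCAP) that tallies definition results and lists each criterion's result beside its test comment. The embedded sample, its ids and its comments are constructed; the element and attribute names assume the OVAL 5 results schema that `oscap oval eval --results` writes.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"res": "http://oval.mitre.org/XMLSchema/oval-results-5",
      "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample shaped like an OVAL 5 results file; ids and comments are made up.
SAMPLE = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
 <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
   xmlns:l="http://oval.mitre.org/XMLSchema/oval-definitions-5#linux"><tests>
  <l:rpminfo_test id="oval:example:tst:1" comment="vendor release package is installed"/>
  <l:rpminfo_test id="oval:example:tst:2" comment="examplepkg is earlier than fixed version"/>
 </tests></oval_definitions>
 <results><system><definitions>
  <definition definition_id="oval:example:def:1" result="false">
   <criteria operator="AND" result="false">
    <criterion test_ref="oval:example:tst:1" result="false"/>
    <criterion test_ref="oval:example:tst:2" result="true"/>
   </criteria>
  </definition>
  <definition definition_id="oval:example:def:2" result="true">
   <criteria operator="AND" result="true">
    <criterion test_ref="oval:example:tst:2" result="true"/>
   </criteria>
  </definition>
 </definitions></system></results></oval_results>"""

def summarize(root):
    """Return (Counter of definition results, {definition id: per-criterion rows})."""
    # Test comments live in the embedded copy of the definitions, keyed by test id.
    comments = {t.get("id"): t.get("comment", "")
                for t in root.iterfind("def:oval_definitions/def:tests/*", NS)}
    totals, details = Counter(), {}
    for d in root.iterfind("res:results/res:system/res:definitions/res:definition", NS):
        totals[d.get("result")] += 1
        # iter() walks nested <criteria>, so every leaf criterion is listed.
        details[d.get("definition_id")] = [
            (c.get("result"), c.get("test_ref"), comments.get(c.get("test_ref"), ""))
            for c in d.iter("{%s}criterion" % NS["res"])]
    return totals, details

if __name__ == "__main__":
    root = ET.parse(sys.argv[1]).getroot() if len(sys.argv) > 1 else ET.fromstring(SAMPLE)
    totals, details = summarize(root)
    print(dict(totals))
    for def_id, rows in details.items():
        for row in rows:
            print(def_id, *row, sep="\t")
```

Run it with the path to `rhsa-results-oval.xml` as the only argument, or with no argument to use the sample. A definition whose criteria are joined with AND stays false when any one criterion is false, even if its package test is true.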