It is clear that CentOS does not publish OVAL definitions. If so, I need help to find out if somehow we can leverage Red Hat's OVAL vulnerability definitions and make them work for CentOS. I have found posts of people claiming they have made them work, but they don't share what exactly they have done.
So far, I have tried modifying simple OVAL definitions, but when I run them, I just get (false), even when it's not vulnerable anymore:
Definition oval:com.redhat.rhsa:def:20172836: false
Evaluation done.
Has anyone here had the luck to make them work and would care to share how they did it?
Thanks,
Using Redhat's OpenScap OVAL Definitions on CentOS
- Posts: 2
- Joined: 2017/10/23 10:44:11
Re: Using Redhat's OpenScap OVAL Definitions on CentOS
Just for the record, I found something that might be useful. There seems to be a script that modifies the RHEL feed in order to work with CentOS:
https://github.com/jordancaraballo/scaptest
Also, another approach is to use Pakiti, not necessarily leveraging the oscap tools and files. Rather, Pakiti takes Red Hat's OVAL as a baseline and makes it useful for CentOS just by doing RPM package version matching.
https://github.com/CESNET/pakiti-server ... uration.md
Cheers,
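An added example, not part of the original posts and not code from Pakiti or scaptest: the kind of RPM version matching the reply above describes, comparing an installed epoch:version-release string against the fixed one from an advisory with rpm's ordering rules. The function names and sample values are constructed for illustration, and the `^` operator of newer rpm releases is not handled.

```python
import re

def rpmvercmp(a, b):
    """Order two version or release strings as rpm does: -1, 0 or 1 ('^' not handled)."""
    while a or b:
        # Separators carry no weight; '~' is kept because it sorts before anything.
        a = re.sub(r"^[^A-Za-z0-9~]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9~]+", "", b)
        if a.startswith("~") or b.startswith("~"):
            if not a.startswith("~"):
                return 1
            if not b.startswith("~"):
                return -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        numeric = a[0].isdigit()
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a, match_b = re.match(pattern, a).group(), re.match(pattern, b)
        if match_b is None:
            return 1 if numeric else -1  # a numeric segment outranks an alphabetic one
        seg_b = match_b.group()
        a, b = a[len(seg_a):], b[len(seg_b):]
        key_a, key_b = (int(seg_a), int(seg_b)) if numeric else (seg_a, seg_b)
        if key_a != key_b:
            return 1 if key_a > key_b else -1
    return 0 if a == b else (1 if a else -1)  # whichever side has text left is newer

def parse_evr(evr):
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release

def evr_cmp(x, y):
    (e1, v1, r1), (e2, v2, r2) = parse_evr(x), parse_evr(y)
    if e1 != e2:
        return 1 if e1 > e2 else -1
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)

def is_vulnerable(installed_evr, fixed_evr):
    """True when the installed package is earlier than the fixed one."""
    return evr_cmp(installed_evr, fixed_evr) < 0

# Constructed sample values, not taken from any real advisory or host.
FIXED = "0:1.4-2.el7_4.2"
SAMPLES = ("(none):1.4-2.el7", "(none):1.4-2.el7_4.2", "(none):1.4-2.el7.centos.3")
RESULTS = {s: is_vulnerable(s, FIXED) for s in SAMPLES}
print(RESULTS)
```

The third constructed sample carries an extra alphabetic tag in its release string, sorts below the fixed release and is reported as vulnerable, so results from pure version matching are worth reviewing when a rebuild changes the release string.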