On 13 July 2012 05:32, Barry Brimer <li...@brimer.org> wrote:
>> Is there an elegant way to run some command or program to list off the
>> appropriate CVEs from my installed version of apache that I can paste
>> into the dispute boxes the PCI folks offer for such purposes?
>
> That depends on your definition of elegant. How about this:
>
> rpm -q <packagename> --changelog | grep CVE

You can also use the OpenSCAP set of tools, which use the data from the Red Hat CVE to audit your system. This will reveal if you are missing relevant updates.

SCAP is a NIST standard for automating auditing systems, and so can be extended if you need more auditing. For example, there is a description available from the NIST checklist repository [1] which audits the recommendations made in the NSA RHEL hardening guide [2].

I believe OpenSCAP is in the RHEL base.

[1] http://web.nvd.nist.gov/view/ncp/repository
[2] http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml#linux2

HTH

> Barry
>
> _______________________________________________
> rhelv5-list mailing list
> rhelv5-list@redhat.com
> https://www.redhat.com/mailman/listinfo/rhelv5-list

--
Jonathan Barber <jonathan.bar...@gmail.com>
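
The `rpm -q <packagename> --changelog | grep CVE` approach quoted above can be taken one step further for a PCI dispute by pairing each CVE with the package build whose changelog entry names it. This is an added example, not part of either post; the function name `cve_fixes`, the sample changelog and its CVE ids are constructed, and it assumes the oldest entry naming a CVE is the build that first carried the fix.

```shell
#!/bin/sh
# Added example. Reads `rpm -q <packagename> --changelog` output on stdin and
# prints "CVE-id <TAB> version-release <TAB> entry date", one line per CVE.
cve_fixes() {
    awk '
    # Entry header, e.g. "* Mon Feb 13 2012 Name <email> - 1.0-4"
    /^\* / {
        date = $2 " " $3 " " $4 " " $5
        ver = $NF
        sub(/^[0-9]+:/, "", ver)              # drop an epoch prefix
        if (ver !~ /^[0-9]/) ver = "unknown"  # header without a version
        next
    }
    {
        line = $0
        # A changelog line can name several CVEs; collect each one.
        while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
            id = substr(line, RSTART, RLENGTH)
            # Entries run newest first, so the last write is the oldest
            # entry naming the CVE (assumed to be the build with the fix).
            fixed[id] = ver
            when[id] = date
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END { for (id in fixed) printf "%s\t%s\t%s\n", id, fixed[id], when[id] }
    ' | LC_ALL=C sort
}

# Constructed sample changelog (placeholder CVE ids, versions and maintainer).
SAMPLE_CHANGELOG=$(cat <<'EOF'
* Tue Mar 06 2012 Example Maintainer <maint@example.com> - 1.0-5
- fix regression introduced by the CVE-2099-0002 patch

* Mon Feb 13 2012 Example Maintainer <maint@example.com> - 1.0-4
- add security fixes for CVE-2099-0002, CVE-2099-0003

* Thu Oct 20 2011 Example Maintainer <maint@example.com> 1.0-3
- add security fix for CVE-2099-0001 (#000000)
EOF
)

# Offline demonstration on the sample; on a live system use:
#   rpm -q <packagename> --changelog | cve_fixes
printf '%s\n' "$SAMPLE_CHANGELOG" | cve_fixes
```

Comparing the version-release column against the output of `rpm -q <packagename>` shows whether the installed build is at or past the one that carried each fix.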