----- Original Message ----- > From: "Simon Lukasik" <[email protected]> > To: "SCAP Security Guide" <[email protected]> > Sent: Tuesday, July 1, 2014 1:05:10 PM > Subject: Re: Anyone using rhel6 ssg for centos6? > > On 06/18/2014 03:41 PM, Rui Pedro Bernardino wrote: > > … it seems OpenSCAP is using it’s own ‘openscap-cpe-dict.xml’ and that’s > > why the SSG platform check “works”. The checks in > > ‘ssg-rhel6-cpe-dictionary.xml’ fail always. > > > > Hello, > > I am sorry for the late response, but I would like to put a bit of light > into this. > > OpenSCAP uses its inbuilt CPE dictionary when the CPE is not provided > from the outside. This behavior is in line with SCAP requirements for > certified scanner. > > If you are not satisfied with inbuilt CPE name you may need to specify > --cpe command-line option to the scanner. > > For review of inbuilt CPE names run: > > # oscap --version > > In OpenSCAP upstream we try to give good guidance on: how a particular > CPE name shall be implemented [1]. We welcome comments, patches, as well > as implementation of new platforms. > > I remember, I have recently added CPE names for CentOS 5, 6, and 7. > However, I am unsure whether this new names are been released to the > downstreams.
This is the commit in question: https://git.fedorahosted.org/cgit/openscap.git/commit/?id=e09f29496081a0525cda0b18299bccb9803baf76 It is part of the master branch, there have been no releases that contain it yet. The next release with this change will be openscap 1.1.0. This commit may be a good candidate for a downstream patch in the CentOS package. -- Martin Preisler -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
