----- Original Message ----- > From: "Stuart Green" <[email protected]> > To: "SCAP Security Guide" <[email protected]> > Sent: Wednesday, July 2, 2014 2:54:57 PM > Subject: Re: Anyone using rhel6 ssg for centos6? > > > > > ----- Original Message ----- > >> From: "Simon Lukasik" <[email protected]> > >> To: "SCAP Security Guide" <[email protected]> > >> Sent: Tuesday, July 1, 2014 1:05:10 PM > >> Subject: Re: Anyone using rhel6 ssg for centos6? > >> > >> On 06/18/2014 03:41 PM, Rui Pedro Bernardino wrote: > >>> … it seems OpenSCAP is using it’s own ‘openscap-cpe-dict.xml’ and that’s > >>> why the SSG platform check “works”. The checks in > >>> ‘ssg-rhel6-cpe-dictionary.xml’ fail always. > >>> > >> Hello, > >> > >> I am sorry for the late response, but I would like to put a bit of light > >> into this. > >> > >> OpenSCAP uses its inbuilt CPE dictionary when the CPE is not provided > >> from the outside. This behavior is in line with SCAP requirements for > >> certified scanner. > >> > >> If you are not satisfied with inbuilt CPE name you may need to specify > >> --cpe command-line option to the scanner. > >> > >> For review of inbuilt CPE names run: > >> > >> # oscap --version > >> > >> In OpenSCAP upstream we try to give good guidance on: how a particular > >> CPE name shall be implemented [1]. We welcome comments, patches, as well > >> as implementation of new platforms. > >> > >> I remember, I have recently added CPE names for CentOS 5, 6, and 7. > >> However, I am unsure whether this new names are been released to the > >> downstreams. > > This is the commit in question: > > > > https://git.fedorahosted.org/cgit/openscap.git/commit/?id=e09f29496081a0525cda0b18299bccb9803baf76 > > > > It is part of the master branch, there have been no releases that contain > > it yet. The next release with this change will be openscap 1.1.0. This > > commit may be a good candidate for a downstream patch in the CentOS > > package. > > > Yes please!!
Please lobby at the appropriate place - https://bugs.centos.org -- Martin Preisler -- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide https://github.com/OpenSCAP/scap-security-guide/
