Hello all, I am looking for an image with old version also with lots of vulnerabilities. However, even though I could find old images, they are not considered as vulnerable images by the scanner. All the tests are false based my experiences so far. For example, I followed the instruction at http://www.open-scap.org/resources/documentation/perform-vulnerability-scan-of-rhel-6-machine/
With that instruction, I scanned a centOS6 published in 2011 (image url: http://archive.kernel.org/centos-vault/6.0/isos/i386/CentOS-6.0-i386-LiveCD.iso). Surprisingly, no vulnerability is detected (all the vulnerability validations are false)..... Am I doing something wrong or those old images are super safe? Any suggestions will be highly appreciated! -- Su Zhang
-- SCAP Security Guide mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected] https://github.com/OpenSCAP/scap-security-guide/
