I am researching ways to audit security vulnerabilities on CentOS using the practical example here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Practical_Examples.html

It shows the use of openscap with com.redhat.rhsa-all.xml and com.redhat.rhsa-all.xccdf.xml. I have configured a CentOS 6.5 system with openscap and scanner 1.2.8. The scans run without any noticeable errors, but they report that all tests are passing.

Is this a suitable way to scan for vulnerabilities against installed products on CentOS as well as Red Hat systems? I am kind of new to this. Is there another OVAL file I should be using, or is there some massaging I need to do to the com.redhat.rhsa-all.xccdf.xml?

Here is an example of one that is passing: RHSA-2016:0675: java-1.7.0-openjdk security update
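When every rule passes, one way to check what a definition actually depends on is to print its OVAL criteria tree: a definition only evaluates true when that whole tree is satisfied, including any platform or package-signature criteria. The following is an added example, not part of the original post or of OpenSCAP; the function names and the embedded sample definition (ids, titles, comments) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# OVAL 5 definitions namespace.
OVAL_NS = {"oval": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample with the layout of an OVAL patch definition (not real advisory data).
SAMPLE = """<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <definitions>
  <definition class="patch" id="oval:example:def:1" version="1">
   <metadata><title>EXAMPLE-0001: examplepkg security update</title></metadata>
   <criteria operator="AND">
    <criterion comment="Example OS 6 is installed" test_ref="oval:example:tst:1"/>
    <criteria operator="AND">
     <criterion comment="examplepkg is earlier than 0:1.0-2" test_ref="oval:example:tst:2"/>
     <criterion comment="examplepkg is signed with Example vendor key" test_ref="oval:example:tst:3"/>
    </criteria>
   </criteria>
  </definition>
 </definitions>
</oval_definitions>"""


def criteria_tree(node, depth=0):
    """Return indented lines for a <criteria> element and everything nested in it."""
    lines = ["  " * depth + node.get("operator", "AND")]  # OVAL defaults to AND
    for child in node:
        tag = child.tag.rsplit("}", 1)[-1]  # strip the namespace
        if tag == "criteria":
            lines += criteria_tree(child, depth + 1)
        elif tag == "criterion":
            lines.append("  " * (depth + 1)
                         + f'{child.get("comment")} [{child.get("test_ref")}]')
        elif tag == "extend_definition":
            lines.append("  " * (depth + 1)
                         + f'extends {child.get("definition_ref")}')
    return lines


def describe(xml_text, title_prefix):
    """Map definition id -> criteria lines for definitions whose title starts with title_prefix."""
    root = ET.fromstring(xml_text)
    found = {}
    for definition in root.iterfind(".//oval:definition", OVAL_NS):
        title = definition.findtext("oval:metadata/oval:title", default="",
                                    namespaces=OVAL_NS)
        if title.startswith(title_prefix):
            crit = definition.find("oval:criteria", OVAL_NS)
            found[definition.get("id")] = criteria_tree(crit) if crit is not None else []
    return found


if __name__ == "__main__":
    for def_id, lines in describe(SAMPLE, "EXAMPLE-0001").items():
        print(def_id, *lines, sep="\n")
```

To inspect the definition mentioned in the post, pass the contents of com.redhat.rhsa-all.xml and the prefix "RHSA-2016:0675" to `describe()` instead of the sample.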
