----- Original Message -----
> From: "phil barone" <[email protected]>
> To: [email protected]
> Sent: Friday, July 15, 2016 2:17:25 PM
> Subject: Auditing Security Vulnerabilities of Centos Products
>
> I am researching ways to Audit Security Vulnerabilities on Centos using the
> practical example here:
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Practical_Examples.html
>
> It shows the use of openscap with com.redhat.rhsa-all.xml and
> com.redhat.rhsa-all.xccdf.xml.
>
> I have configured a Centos 6.5 system with openscap and scanner 1.2.8.
>
> The scans run, without any noticeable errors, but it is saying that all tests
> are passing.
>
> Is this a suitable way to scan for vulnerabilities against installed products
> on Centos as well as redhat systems?

Hi Phil,

as far as I know nobody is providing a CVE OVAL feed for CentOS. You need a CentOS feed and not the RHEL feed to check vulnerabilities. Therefore, at the moment, it's not possible to check for CentOS vulnerabilities using OpenSCAP.

--
Martin Preisler
Identity Management and Platform Security | Red Hat, Inc.

--
SCAP Security Guide mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
https://github.com/OpenSCAP/scap-security-guide/
