First of all, apologies in advance if this is not the correct forum for this question. I'm new to all things SCAP. I'll try to be as concise as possible.
Here's the command I'm running: oscap oval eval --report $OUTDIR/$OUTFILE /usr/share/scap_content/vulnerabilities/Red_Hat_Enterprise_Linux_7.xml Here's the result I get for a specific test having to do with java-1.7.0-openjdk: Rule oval:com.redhat.rhsa:def:20162658 Result false Class patch Ident [RHSA-2016:2658-03], [CVE-2016-5542], [CVE-2016-5554], [CVE-2016-5573], [CVE-2016-5582], [CVE-2016-5597] Title RHSA-2016:2658: java-1.7.0-openjdk security update (Important) My first question is...why does this test return false if I don't have java installed at all? My second question is...how can I modify the test to make it return true if java is not installed on the machine? Thanks! Greg
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
