On 11/16/2017 09:11 PM, Geller, Gregory Maximilian wrote:
First of all, apologies in advance if this is not the correct forum for
this question. I'm new to all things SCAP. I'll try to be as concise as
possible.
Here's the command I'm running:
oscap oval eval --report $OUTDIR/$OUTFILE
/usr/share/scap_content/vulnerabilities/Red_Hat_Enterprise_Linux_7.xml
Here's the resultĀ I get for a specific test having to do with
java-1.7.0-openjdk:
Ruleoval:com.redhat.rhsa:def:20162658
Resultfalse
Class patch
Ident [RHSA-2016:2658-03], [CVE-2016-5542], [CVE-2016-5554],
[CVE-2016-5573], [CVE-2016-5582], [CVE-2016-5597]
Title RHSA-2016:2658: java-1.7.0-openjdk security update (Important)
My first question is...why does this test return false if I don't have
java installed at all?
My second question is...how can I modify the test to make it return true
if java is not installed on the machine?
Thanks!
Greg
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Hello Greg,
welcome to the wonderful world of SCAP! What you do when running the
scan is search for vulnerabilities within your installed packages. Every
test is test for vulnerability.
Thus result "false" is the one you want - means this particular
vulnerability is not present on the system.
Hope it explains it a bit!
Marek
P.S. For configuration compliance tests, it's the other way around - you
test for compliant configuration, so "true" is what you want, "false"
means you have incompliance.
_______________________________________________
scap-security-guide mailing list -- [email protected]
To unsubscribe send an email to [email protected]
