<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 1/23/17 3:48 AM, Sona Sarmadi wrote:<br>
</div>
<blockquote
cite="mid:3230301C09DEF9499B442BBE162C5E48AC30CC79@SESTOEX04.enea.se"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from rtf -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
<font face="Calibri" size="2"><span style="font-size:11pt;">
<div>Hello folk,</div>
<div> </div>
<div>I am a member of OPNFV project’s security team. OPNFV
project uses OpenSCAP tool for OPNFV platform, only for
hardening and configuration check (<font face="Times New
Roman" size="2"><span style="font-size:10pt;">scantype =
xccdf</span></font>). For further
info please see here:</div>
<div> </div>
<div><a moz-do-not-send="true"
href="https://wiki.opnfv.org/display/functest/Functest+Security"><font
color="#0563C1"><u>https://wiki.opnfv.org/display/functest/Functest+Security</u></font></a></div>
<div> </div>
<div> </div>
<div>I would like to expand this test to perform a
vulnerability scan of a local or remote host, to get a
report similar to the table below:</div>
<div> </div>
<div><a moz-do-not-send="true"
href="https://www.open-scap.org/features/vulnerability-assessment/"><font
color="#0563C1"><u>https://www.open-scap.org/features/vulnerability-assessment/</u></font></a>
</div>
<div><img src="cid:part3.9D4E9578.151DF739@redhat.com"> </div>
<div> </div>
<div> </div>
<div>I run the following commands on my RedHat host:</div>
<div>oscap oval eval --results rhsa-results-oval.xml --report
oval-report-RedHat6.html <b>Red_Hat_Enterprise_Linux_6.xml</b></div>
<div> </div>
<div>I get a fancy report, everything is green. Does this mean
that all the following CVEs are patched in my RedHat host? </div>
<div>How can I get a report of un-patched CVEs? This host has
not been updated for a while, I am sure there are at least
some kernel CVEs which need to be patched. How can I detect
them? </div>
<div> </div>
<div><img src="cid:part4.3BB6925E.4769C727@redhat.com"> </div>
<div> </div>
<div>Thanks</div>
<div>Best regards</div>
<div>Sona Sarmadi</div>
</span></font></blockquote>
<br>
In the top-left of the report you will have a report summary table
that will indicate if you have any findings. Will look something
like this:<br>
<br>
<img src="cid:part5.5F7CE201.20356A0B@redhat.com" alt=""><br>
<br>
<br>
Where #X reflects fails.<br>
<br>
</body>
</html>