[Open-scap] vulnerability scan to detect security flaws, new/ unpatched CVEs
Shawn Wells
shawn at redhat.com
Mon Jan 23 16:47:31 UTC 2017
On 1/23/17 3:48 AM, Sona Sarmadi wrote:
> Hello folk,
>
> I am a member of OPNFV project’s security team. OPNFV project uses
> OpenSCAP tool for OPNFV platform, only for hardening and configuration
> check (scantype = xccdf). For further info please see here:
>
> _https://wiki.opnfv.org/display/functest/Functest+Security_
>
>
> I would like to expand this test to perform a vulnerability scan of a
> local or remote host, to get a report similar to the table below:
>
> _https://www.open-scap.org/features/vulnerability-assessment/_
>
>
> I run the following commands on my RedHat host:
> oscap oval eval --results rhsa-results-oval.xml --report
> oval-report-RedHat6.html *Red_Hat_Enterprise_Linux_6.xml*
>
> I get a fancy report, everything is green. Does this mean that all the
> following CVEs are patched in my RedHat host?
> How can I get a report of un-patched CVEs? This host has not been
> updated for a while, I am sure there are at least some kernel CVEs
> which need to be patched. How can I detect them?
>
>
> Thanks
> Best regards
> Sona Sarmadi
In the top-left of the report you will have a report summary table that
will indicate if you have any findings. Will look something like this:
Where #X reflects fails.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20170123/e9231a22/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 31582 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20170123/e9231a22/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 26626 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20170123/e9231a22/attachment-0001.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oliodnobndaojmjg.png
Type: image/png
Size: 50216 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/open-scap-list/attachments/20170123/e9231a22/attachment.png>
More information about the Open-scap-list
mailing list