[Open-scap] Patches on Red Hat 6
Watson Yuuma Sato
wsato at redhat.com
Thu Jan 11 13:16:01 UTC 2018
On 10/01/18 19:40, Jordi Llorens wrote:
> Hi
>
> I've received FAIL on the : Ensure Software Patches Installed
> I have Internet connection.
You might have a package that is not updated, please make sure they are.
> This is the result of a Yum repolist command execution :
>
> Loaded plugins: refresh-packagekit, rhnplugin
> repo id repo name status
> rhel-x86_64-server-6 Red Hat Enterprise Linux Server (v. 6 for 64-bit
> x86 19887
> repolist: 19887
>
> I think that everything is ok, so I don't know why the test fails.
If Rule is still failing after updates applied, you can try to check
what is the CVE affecting your system.
Unfortunately, it cannot be done through SCAP Workbench. You'll have to
use command line.
# Download Red Hat CVE feed
$wget
https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL6.xml.bz2
# Scan your system
$oscap-ssh root at hostname oval eval ./com.redhat.rhsa-RHEL6.xml.bz2
You'll get a bunch results like below...
Starting the evaluation...
Definition oval:com.redhat.rhsa:def:20180061: false
Definition oval:com.redhat.rhsa:def:20180029: false
Definition oval:com.redhat.rhsa:def:20180023: false
Definition oval:com.redhat.rhsa:def:20180016: false
Definition oval:com.redhat.rhsa:def:20180014: true
Definition oval:com.redhat.rhsa:def:20180012: true
Any result "true" is a patch that you are missing. You can look out for
the definitions at https://www.redhat.com/security/data/oval/ to check
what are the affected components.
>
> Thx!
> Jordillo
>
>
--
Watson Sato
Security Technologies | Red Hat, Inc
More information about the Open-scap-list
mailing list