----- Original Message ----- > From: "Joseph Spenner" <[email protected]> > To: [email protected] > Sent: Tuesday, March 8, 2016 11:46:39 AM > Subject: Re: [Open-scap] Testing OpenScap, but no vulns show up > > > > > > On 3/8/16 10:58 AM, Joseph Spenner wrote: > > Hello, I am testing after installing with the following instructions: > > https://www.open-scap.org/resources/documentation/perform-vulnerability-scan-of-rhel-6-machine/ > > > > I downloaded CentOS 6.0 to use for a test, thinking there should be > > plenty of vulnerabilities since this was such an older release. > > However, I got zero vulnerabilities. > > > > Is this an invalid test? > > CentOS is (unsupported) community software, they do not publish or > maintain vulnerability information in OVAL formats. > > You'll want to re-run your test on RHEL :) > > ==================================== > > Oh, I didn't know about this limitation, but it makes sense. I did find a > workaround: > https://www.redhat.com/archives/spacewalk-list/2014-November/msg00007.html > > Thanks for the reply!
Keep in mind that the workaround is no longer necessary, SSG publishes content for CentOS now. Check out ssg-centos7-ds.xml for an example. Furthermore, this workaround will not help you with vulnerabilities. It will only let security benchmarks for RHEL be usable on CentOS. -- Martin Preisler Identity Management and Platform Security | Red Hat, Inc. _______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
