Hello folk, I am a member of OPNFV project's security team. OPNFV project uses OpenSCAP tool for OPNFV platform, only for hardening and configuration check (scantype = xccdf). For further info please see here:
https://wiki.opnfv.org/display/functest/Functest+Security I would like to expand this test to perform a vulnerability scan of a local or remote host, to get a report similar to the table below: https://www.open-scap.org/features/vulnerability-assessment/ I run the following commands on my RedHat host: oscap oval eval --results rhsa-results-oval.xml --report oval-report-RedHat6.html Red_Hat_Enterprise_Linux_6.xml I get a fancy report, everything is green. Does this mean that all the following CVEs are patched in my RedHat host? How can I get a report of un-patched CVEs? This host has not been updated for a while, I am sure there are at least some kernel CVEs which need to be patched. How can I detect them? Thanks Best regards Sona Sarmadi
_______________________________________________ Open-scap-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/open-scap-list
