Re: [Open-scap] OSCAP - CVE information
On Thursday, August 30, 2018 9:12:04 AM EDT Mohanraj, Bharath wrote:
> I'm referring to the section 2.5.1 in the link here,
> https://static.open-scap.org/openscap-1.2/oscap_user_manual.html
>
> It says, "Each XCCDF Rule can have xccdf:ident elements inside. These
> elements allow the content creator to reference various external
> identifiers like CVE, CCE, CPE and others."
>
> But I don't see CVE under any of the rules.

Which rules are you testing with? There is only one set of rules I know of
that has CVE's. All others have CCE's.

-Steve

> -----Original Message-----
> From: Steve Grubb
> Sent: Thursday, August 30, 2018 6:38 PM
> To: open-scap-list@redhat.com
> Cc: Mohanraj, Bharath
> Subject: Re: [Open-scap] OSCAP - CVE information
>
> Hello,
>
> On Thursday, August 30, 2018 8:05:30 AM EDT Mohanraj, Bharath wrote:
> > I'm using the oscap scanner on linux boxes, for triggering "oscap
> > xccdf eval" command. In the output generated, one of the info I would
> > need to present is the CVE for each rule.
>
> This may be a misunderstanding in terminology. Each rule has a CCE - not a
> CVE. You can write rules to detect packages with known CVE's, but that is
> not your typical XCCDF.
>
> > However, I don't see the CVE info for
> > the rules in the xccdf xmls (no tag for CVEs under the rules).
> >
> > Can you please help me understand how I can capture the CVE associated
> > with each rule?
>
> I think you mean CCE. What content are you running?
>
> -Steve

___
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
Re: [Open-scap] OSCAP - CVE information
Hello,

On Thursday, August 30, 2018 8:05:30 AM EDT Mohanraj, Bharath wrote:
> I'm using the oscap scanner on linux boxes, for triggering "oscap xccdf
> eval" command. In the output generated, one of the info I would need to
> present is the CVE for each rule.

This may be a misunderstanding in terminology. Each rule has a CCE - not a
CVE. You can write rules to detect packages with known CVE's, but that is
not your typical XCCDF.

> However, I don't see the CVE info for
> the rules in the xccdf xmls (no tag for CVEs under the rules).
>
> Can you please help me understand how I can capture the CVE associated with
> each rule?

I think you mean CCE. What content are you running?

-Steve
Re: [Open-scap] OSCAP - CVE information
Hi Marek,

Thanks for your reply.

I'm using the RHEL7 xccdf that is shipped with scap security guide. So based on your reply it looks like these XCCDF xmls which are part of ssg will not have CVE linked.

In that case, can you please guide me to the location from where I can get the required xmls for evaluating all platforms supported by OSCAP?

Also, is the command going to be similar to xccdf? Right now I'm using the below two commands,

oscap xccdf eval --profile --results --progress
oscap xccdf eval --remediate --profile --tailoring-file --results --progress

Will the command remain the same for oval as well, except for changing "oscap xccdf eval" to "oscap oval eval"? Please clarify.

Regards,
Bharath M

-----Original Message-----
From: Marek Haicman
Sent: Thursday, August 30, 2018 5:53 PM
To: Mohanraj, Bharath; open-scap-list
Subject: Re: [Open-scap] OSCAP - CVE information

On 08/30/2018 02:05 PM, Mohanraj, Bharath wrote:
> Hi Team,
>
> I'm using the oscap scanner on linux boxes, for triggering "oscap
> xccdf eval" command. In the output generated, one of the info I would
> need to present is the CVE for each rule. However, I don't see the CVE
> info for the rules in the xccdf xmls (no tag for CVEs under the
> rules).
>
> Can you please help me understand how I can capture the CVE associated
> with each rule?
>
> Regards,
>
> Bharath M

Hello Bharath,

what xccdf xmls are you using? In case you target RHEL, then CVE vulnerabilities are detected using content downloaded from
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.redhat.com_security_data_oval_=DwID-g=UrUhmHsiTVT5qkaA4d_oSzcamb9hmamiCDMzBAEwC7E=AUaowh4kDgwmfFF8B9dpIGVcrfeOZDaHu6Di1CZTnp4=kMwq-DtTaQQ9c8tjyXsXju19K6K3emMl8b7SruHINqw=frx6brG1Kc18pnlMd88AWwt5zzw3ub6N5OhX2PSOZJE=
and scanned using `oscap oval eval`.

Content shipped in SCAP Security Guide is configuration guidance, which is a different approach to security. Thus no CVE information is linked.

In case you consume CVE content for different platforms, it's up to them to produce it with proper metadata.

Hope it helps,
Marek
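The manual passage quoted in this thread says each XCCDF Rule can carry xccdf:ident elements. As an added example (not code from the thread or from OpenSCAP), the script below lists the identifiers on every rule of an XCCDF file, so you can check whether a given piece of content carries CCEs, CVEs or neither. The sample benchmark, its rule ids and the identifier values are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not real SSG content and not schema-complete: one rule
# with a CCE ident, one with a CVE ident, one with none. IDs are placeholders.
SAMPLE = """<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="xccdf_org.example_benchmark_demo">
  <Group id="xccdf_org.example_group_ssh">
    <Rule id="xccdf_org.example_rule_sshd_no_root" severity="medium">
      <title>Disable SSH root login</title>
      <ident system="https://nvd.nist.gov/cce/index.cfm">CCE-00000-0</ident>
    </Rule>
  </Group>
  <Rule id="xccdf_org.example_rule_pkg_patched" severity="high">
    <title>Package is patched</title>
    <ident system="http://cve.mitre.org">CVE-0000-0000</ident>
  </Rule>
  <Rule id="xccdf_org.example_rule_no_ident" severity="low">
    <title>Rule without identifiers</title>
  </Rule>
</Benchmark>"""

def _local(tag):
    """Strip the namespace so XCCDF 1.1 and 1.2 documents both match."""
    return tag.rsplit("}", 1)[-1]

def rule_idents(xml_text):
    """Return {rule id: [(kind, value, system), ...]} for every Rule element."""
    # ElementTree is fine for content you trust; use a hardened parser otherwise.
    root = ET.fromstring(xml_text)
    out = {}
    for el in root.iter():  # iter() also reaches Rules nested inside Groups
        if _local(el.tag) != "Rule":
            continue
        idents = []
        for child in el:
            if _local(child.tag) == "ident":
                value = (child.text or "").strip()
                # Classify by value prefix (CCE-, CVE-, ...), not by system URI.
                idents.append((value.split("-", 1)[0].upper(), value, child.get("system")))
        out[el.get("id")] = idents
    return out

def rules_with(kind, idents_by_rule):
    """Rule ids that carry at least one ident of the given kind, e.g. "CVE"."""
    return sorted(r for r, ids in idents_by_rule.items() if any(k == kind for k, _, _ in ids))

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for rule, ids in rule_idents(text).items():
        print(rule, ", ".join(v for _, v, _ in ids) or "(no ident)")
```

Run it with the path to an XCCDF file as the only argument; with no argument it prints the constructed sample.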