First of all, apologies in advance if this is not the correct forum for this question. I'm new to all things SCAP. I'll try to be as concise as possible.
Here's the command I'm running:
oscap oval eval --report $OUTDIR/$OUTFILE /usr/share/scap_content/vulnerabilities/Red_Hat_Enterprise_Linux_7.xml
Here's the result I get for a specific test having to do with java-1.7.0-openjdk:
Rule oval:com.redhat.rhsa:def:20162658
Result false
Class patch
Ident [RHSA-2016:2658-03], [CVE-2016-5542], [CVE-2016-5554], [CVE-2016-5573], [CVE-2016-5582], [CVE-2016-5597]
Title RHSA-2016:2658: java-1.7.0-openjdk security update (Important)
My first question is...why does this test return false if I don't have java installed at all?
My second question is...how can I modify the test to make it return true if java is not installed on the machine?
Thanks!
Greg
On 11/16/2017 09:11 PM, Geller, Gregory Maximilian wrote:
First of all, apologies in advance if this is not the correct forum for this question. I'm new to all things SCAP. I'll try to be as concise as possible.
Here's the command I'm running:
oscap oval eval --report $OUTDIR/$OUTFILE /usr/share/scap_content/vulnerabilities/Red_Hat_Enterprise_Linux_7.xml
Here's the result I get for a specific test having to do with java-1.7.0-openjdk:
Rule oval:com.redhat.rhsa:def:20162658
Result false
Class patch
Ident [RHSA-2016:2658-03], [CVE-2016-5542], [CVE-2016-5554], [CVE-2016-5573], [CVE-2016-5582], [CVE-2016-5597]
Title RHSA-2016:2658: java-1.7.0-openjdk security update (Important)
My first question is...why does this test return false if I don't have java installed at all?
My second question is...how can I modify the test to make it return true if java is not installed on the machine?
Thanks!
Greg
scap-security-guide mailing list -- scap-security-guide@lists.fedorahosted.org To unsubscribe send an email to scap-security-guide-leave@lists.fedorahosted.org
Hello Greg, welcome to the wonderful world of SCAP! What you do when running the scan is search for vulnerabilities within your installed packages. Every test is a test for a vulnerability.
Thus the result "false" is the one you want - it means this particular vulnerability is not present on the system.
Hope it explains it a bit! Marek
P.S. For configuration compliance tests, it's the other way around - you test for compliant configuration, so "true" is what you want, "false" means you have noncompliance.
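The result semantics described in the reply above can be applied mechanically when triaging scan output. The following is an added example, not part of the original thread and not OpenSCAP code: it assumes the scan was also written as OVAL results XML (`oscap oval eval --results FILE`), and the sample document and the `oval:example:*` ids are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"res": "http://oval.mitre.org/XMLSchema/oval-results-5",
      "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed sample, trimmed to the elements and attributes read below.
SAMPLE = """
<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <definitions>
      <definition id="oval:com.redhat.rhsa:def:20162658" class="patch"/>
      <definition id="oval:example:def:1" class="patch"/>
      <definition id="oval:example:def:2" class="compliance"/>
      <definition id="oval:example:def:3" class="patch"/>
    </definitions>
  </oval_definitions>
  <results><system><definitions>
    <definition definition_id="oval:com.redhat.rhsa:def:20162658" result="false"/>
    <definition definition_id="oval:example:def:1" result="true"/>
    <definition definition_id="oval:example:def:2" result="false"/>
    <definition definition_id="oval:example:def:3" result="error"/>
  </definitions></system></results>
</oval_results>
"""

def interpret(oval_class, result):
    """Translate an OVAL result into a verdict using the definition class."""
    if result not in ("true", "false"):
        return "review"   # error, unknown, not evaluated, not applicable
    if oval_class in ("patch", "vulnerability"):
        # "true" means the advisory applies: an affected package is installed.
        return "finding" if result == "true" else "ok"
    if oval_class == "compliance":
        # "true" means the system is in the required configuration.
        return "finding" if result == "false" else "ok"
    return "review"       # inventory / miscellaneous carry no pass or fail meaning

def triage(xml_text):
    """Return {definition id: verdict} for every evaluated definition."""
    root = ET.fromstring(xml_text)
    classes = {d.get("id"): d.get("class")
               for d in root.iterfind(".//def:definitions/def:definition", NS)}
    return {r.get("definition_id"):
            interpret(classes.get(r.get("definition_id")), r.get("result"))
            for r in root.iterfind(".//res:system/res:definitions/res:definition", NS)}

if __name__ == "__main__":
    for def_id, verdict in triage(SAMPLE).items():
        print(f"{verdict:8} {def_id}")
```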
Well, this is embarrassing. :P
From: Marek Haicman mhaicman@redhat.com
Sent: Thursday, November 16, 2017 1:23 PM
To: scap-security-guide@lists.fedorahosted.org
Subject: Re: Why does this test fail?