SCAP CVE Audit

Running a CVE audit from the shell using the SCAP (Security Content Automation Protocol) standard is now easy. The OVAL and XCCDF files used below are from Red Hat and work on RHEL 6/CentOS 6 (and other releases).

SCAP includes standards such as CVE, CCE, CPE, CVSS, OVAL, and XCCDF.

 yum install openscap-utils     # Skip this one if the host is on Satellite
 yum install spacewalk-oscap    # Install only this package if on Satellite
 wget http://www.redhat.com/security/data/metrics/com.redhat.rhsa-all.xccdf.xml
 wget http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml
 oscap xccdf eval --results "results-cve-$(hostname).xml" --report "report-cve-$(hostname).html" com.redhat.rhsa-all.xccdf.xml

You will be rewarded with output like the following:

Title   RHSA-2014:0137: flash-plugin security update (Critical)
Rule    oval-com.redhat.rhsa-def-20140137
Ident   CVE-2014-0497
Result  pass
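
To see at a glance what did not pass in output like the above, here is an added example (not from the original post or the OpenSCAP project) that tallies the Result values and lists every rule that did not pass together with its CVE identifiers. The function names and all sample records except the first are constructed; `fail`, `error`, `unknown` and `notchecked` are standard XCCDF result values.

```bash
#!/usr/bin/env bash
# Constructed sample; only the first record comes from the post. The RHSA/CVE
# ids in the others are placeholders, and repeated Ident lines are an assumption.
sample_output() {
cat <<'EOF'
Title   RHSA-2014:0137: flash-plugin security update (Critical)
Rule    oval-com.redhat.rhsa-def-20140137
Ident   CVE-2014-0497
Result  pass

Title   RHSA-0000:0001: example-package security update (Important)
Rule    oval-com.redhat.rhsa-def-00000001
Ident   CVE-0000-0001
Ident   CVE-0000-0002
Result  fail

Title   RHSA-0000:0002: other-package security update (Moderate)
Rule    oval-com.redhat.rhsa-def-00000002
Ident   CVE-0000-0003
Result  notchecked
EOF
}

# "<result> <count>" for every result value seen, sorted by name.
count_results() {
  awk '$1 == "Result" { n[$2]++ } END { for (r in n) print r, n[r] }' | sort
}

# One line per rule that did not pass: result, rule id, comma-joined CVE ids.
non_passing() {
  awk '$1 == "Title"  { rule = ""; cves = "" }
       $1 == "Rule"   { rule = $2 }
       $1 == "Ident"  { cves = cves (cves ? "," : "") $2 }
       $1 == "Result" && $2 != "pass" { print $2, rule, (cves ? cves : "-") }'
}

# Exit status for cron: 0 = clean, 1 = at least one fail,
# 2 = nothing failed but the scan was empty or had error/unknown/notchecked.
audit_status() {
  awk '$1 == "Result" { total++ }
       $1 == "Result" && $2 == "fail" { failed++ }
       $1 == "Result" && $2 ~ /^(error|unknown|notchecked)$/ { unsure++ }
       END { if (failed) exit 1; if (!total || unsure) exit 2; exit 0 }'
}

# Demo on the sample; on a host, pipe the oscap command's output in instead.
sample_output | count_results
sample_output | non_passing
```

A scan in which no rule reports `fail` but some report `notchecked`, or which produces no Result lines at all, returns status 2 from `audit_status` rather than being counted as clean.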

Kudos to the OpenSCAP project for making this possible. Don’t forget to regularly download the latest updates 🙂

Then you can look up the CVE, if you need to:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0988

A few more links:
http://www.open-scap.org/page/Documentation
http://scap.nist.gov/


5 Responses to SCAP CVE Audit

  1. Thomas says:

    Any idea why this isn’t working anymore on an up2date CentOS 6.5 installation?

  2. Joe says:

    I just tried it on my CentOS 6.6 server and all tests pass but I know this is not accurate. Any advice?
