Running a CVE audit using the SCAP standard [Security Content Automation Protocol] from the shell is now easy. These OVAL and XCCDF files are from RedHat and work on RHEL 6/CentOS 6 (and other releases).

SCAP includes standards such as CVE, CCE, CPE, CVSS, OVAL, and XCCDF.

 yum install openscap-utils     # Don't install if not on Satellite
 yum install spacewalk-oscap    # Install only this package if on Satellite
 oscap xccdf eval --results results-cve-`hostname`.xml --report report-cve-`hostname`.html com.redhat.rhsa-all.xccdf.xml

You will be rewarded with output, like the following :

Title   RHSA-2014:0137: flash-plugin security update (Critical)
Rule    oval-com.redhat.rhsa-def-20140137
Ident   CVE-2014-0497
Result  pass

Kudos to the OpenSCAP project for making this possible. Don’t forget to regularly download the latest updates 🙂

Then you can lookup the CVE, if you need to :

A few more links:

This entry was posted in linux. Bookmark the permalink.

5 Responses to SCAP CVE Audit

  1. Thomas says:

    Any idea why this isn’t working anymore on a up2date CentOS 6.5 installation?

  2. Joe says:

    I just tried it on my CentOS 6.6 server and all tests pass but i know this is not accurate. Any advise?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s