oval-for-el's Introduction

OVAL-For-EL

中文 (Chinese version) English (English version)

Features

CentOS OVAL
Split oval by severity
Automatic update and revise with official security

Supports

OS	Release	Upstream	Status
redhat	RHEL5 - RHEL8	https://www.redhat.com/security/data/oval/	syncing
centos	EL5 - EL8	https://www.redhat.com/security/data/oval/	syncing

Scripts

scripts/rh2el.py

#usage:
usage: rh2el.py [-h] oval_file output_file

redhat oval definition adapt to centos

positional arguments:
  oval_file    redhat oval file path
  output_file  redhat oval output file path

Files Tree:

├── centos										
│   ├── com.redhat.rhsa-EL7-Critical.xml        #oval severity is critical
│   ├── com.redhat.rhsa-EL7-Important.xml       #oval severity is important
│   ├── com.redhat.rhsa-EL7-Low.xml             #oval severity is low
│   ├── com.redhat.rhsa-EL7-Moderate.xml        #oval severity is moderate
│   ├── com.redhat.rhsa-EL7.xml                 #all severity oval on centos7
│   ├── ...
└── redhat										
    ├── com.redhat.rhsa-RHEL7-Critical.xml		
    ├── com.redhat.rhsa-RHEL7-Important.xml		
    ├── com.redhat.rhsa-RHEL7-Low.xml			
    ├── com.redhat.rhsa-RHEL7-Moderate.xml		
    ├── com.redhat.rhsa-RHEL7.xml				
    ├── ...

Quick Start

Identify software vulnerabilities on centos 7 with oscap which is a best scap scanner provided by openscap.

Download oval-for-el

git clone https://github.com/Sep0lkit/oval-for-el.git

Install oscap

sudo yum install openscap openscap-scnner

Run oscap oval
- check all vulnerabilities defined for centos7
```
oscap oval eval com.redhat.rhsa-EL7.xml
```
- only check one vulnerabilitiy
  
  Ex: shellchock(CVE-2014-6271). this vulnerabilitiy defined with id oval:com.redhat.rhsa:def:20141293 in com.redhat.rhsa-EL7.xml
```
oscap oval eval --id oval:com.redhat.rhsa:def:20141293 com.redhat.rhsa-EL7.xml
```
- export html report with options --report
```
oscap oval eval --report centos7.html  com.redhat.rhsa-EL7.xml
```
Consle output:

HTML report:

Result: true means the vulnerability exists, and the true results always before false in html report

Details on ovals above

Redhat:

split by severity

CentOS:

convert from redhat oval
cpe and criterions for centos
rpm signature key check for centos
split by severity

Resource

Linux OVAL

Getting Help

Twitter: @sep0lkit

oval-for-el's People

Contributors

Stargazers

Watchers

oval-for-el's Issues

一些优化建议

看了下基于威胁等级拆分后的oval数据其实没完全处理干净，可以先获取defintion criterion test_ref 的id 删除 test 再通过test获取到的object_ref、state_ref 去remove ，还能删除一些无用的信息，我这边实现了下redhat 7处理后的 critical等级只有1.2M 大小

notapplicable for Centos8.3

Hi,

I am getting problems with the last upgrade of Centos. With 8.2 works perfect, but with 8.3 doesn't apply.

Thanks!!

script to generate the centos oval files.

Hi,

Nice project! But I couldn't find the script to generate the oval files for Centos.

Are you willing to release it?

Kind regards,

staf

Recommend Projects

sep0lkit / oval-for-el Goto Github PK