
List:       scap-security-guide
Subject:    Re: Using OpenSCAP with CVE feeds for daily scanning
From:       Jeremiah Jahn <jeremiah () goodinassociates ! com>
Date:       2015-03-24 13:02:07
Message-ID: CAJstirSTgnhH5m=mHSeQ6tcJ06pfxUh0W+32+20=4Ym1BnA8CQ () mail ! gmail ! com

Thanks for the pointers, hadn't even crossed my mind that you could do
this, but like you said, seems quite obvious once you think about it.

On Sun, Mar 22, 2015 at 10:41 AM, Chris Kachigian <chris.kachigian@gmail.com> wrote:

> Hi Greg,
>
> Here is a document that I put together earlier last year.
>
>
> http://maybeusefultoday.blogspot.com/2014/11/automated-rhel-6-stig-scanning-with.html
>
> Chris
>
> On Mar 22, 2015, at 9:13 AM, Greg Elin <gregelin@gitmachines.com> wrote:
>
> I separately emailed Martin this same question. He was kind enough to send
> me a link so sharing here.
>
> The below link provides an example of using OpenSCAP to consume RedHat
> data on vulnerabilities in RedHat Linux.
>
>
> http://www.open-scap.org/page/Documentation#How_to_run_vulnerability_scan_on_Red_Hat_Enterprise_Linux
>
> This may seem terribly obvious to experienced Scappers, but it is only
> obvious once you see it. I know this because some colleagues of mine
> need to do a "vulnerability scan" for a government
> client and were looking at Nessus because they thought OpenSCAP was just
> for checking configuration. It took me a bit, too, to make the connection.
>
> Looking for more examples and documentation as this would be a useful
> thread for us newbies...
>
> Greg Elin
>
> On Sun, Mar 22, 2015 at 6:40 AM, Greg Elin <gregelin@gitmachines.com>
> wrote:
>
>> To date, I've used OpenSCAP to check the configuration of Unix operating
>> systems against government baselines.
>>
>> But I assume OpenSCAP can consume any SCAP content including daily CVE
>> feeds? I have not tried that yet. And superficial searching did not reveal
>> any obvious documentation.
>>
>> Does anyone know of a good example that would get a person started with
>> using OpenSCAP to consume CVE feeds? Any recommendations of freely
>> available feeds?
>>
>> Thanks!
>>
>> Greg Elin
>>
>
> --
> SCAP Security Guide mailing list
> scap-security-guide@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/scap-security-guide
> https://github.com/OpenSCAP/scap-security-guide/
>
>
