Understand, just my personal security learning, and shared to interested people.
thanks for the reply.
Johnny Hughes johnny@centos.org 于2019年9月5日周四 下午11:47写道:
On 9/3/19 3:27 AM, Sep0lkit wrote:
We use oval to check the system vulnerability.
Redhat offer official oval(https://www.redhat.com/security/data/oval/),
and
it works well on redhat.
There is no official centos oval, and using redhat oval on centos got false results. centos is based redhat, so I wrote a script fetch redhat oval files and convert it to useful for centos.
And I push the oval to my github:
https://github.com/Sep0lkit/oval-for-el
Everyone interested in this can try to use it and tell me it works correctly or not.
That is because CentOS Linux does not now, nor has it ever provided any certification of Security patches. We build source code released for RHEL, but provide no certification or assurance of any kind.
Individual users must do and provide their own security testing and any validation.
Thanks, Johnny Hughes