On 9/3/19 3:27 AM, Sep0lkit wrote: > We use oval to check the system vulnerability. > > Redhat offer official oval(https://www.redhat.com/security/data/oval/), and > it works well on redhat. > > There is no official centos oval, and using redhat oval on centos got > false results. > centos is based redhat, so I wrote a script fetch redhat oval files and > convert it to useful for centos. > > And I push the oval to my github: https://github.com/Sep0lkit/oval-for-el > > Everyone interested in this can try to use it and tell me it works > correctly or not. That is because CentOS Linux does not now, nor has it ever provided any certification of Security patches. We build source code released for RHEL, but provide no certification or assurance of any kind. Individual users must do and provide their own security testing and any validation. Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20190905/39629c5d/attachment-0006.sig>