Understand, just my personal security learning, and shared to interested people. thanks for the reply. Johnny Hughes <johnny at centos.org> 于2019年9月5日周四 下午11:47写道: > On 9/3/19 3:27 AM, Sep0lkit wrote: > > We use oval to check the system vulnerability. > > > > Redhat offer official oval(https://www.redhat.com/security/data/oval/), > and > > it works well on redhat. > > > > There is no official centos oval, and using redhat oval on centos got > > false results. > > centos is based redhat, so I wrote a script fetch redhat oval files and > > convert it to useful for centos. > > > > And I push the oval to my github: > https://github.com/Sep0lkit/oval-for-el > > > > Everyone interested in this can try to use it and tell me it works > > correctly or not. > > That is because CentOS Linux does not now, nor has it ever provided any > certification of Security patches. We build source code released for > RHEL, but provide no certification or assurance of any kind. > > Individual users must do and provide their own security testing and any > validation. > > Thanks, > Johnny Hughes > > >