similar to: oval support for centos

On 9/3/19 3:27 AM, Sep0lkit wrote: > We use oval to check the system vulnerability. > > Redhat offer official oval(https://www.redhat.com/security/data/oval/), and > it works well on redhat. > > There is no official centos oval, and using redhat oval on centos got > false results. > centos is based redhat, so I wrote a script fetch redhat oval files and > convert it

On 05/08/2020 16:49, Johnny Hughes wrote: > On 8/5/20 1:05 AM, centos at niob.at wrote: >> On 04/08/2020 23:50, Jon Pruente wrote: >>> On Tue, Aug 4, 2020 at 11:34 AM <centos at niob.at> wrote: >>> >>>> Q5) If the answer to the last question is "no": shouldn't there be such >>>> a resource? >>>> >>> CentOS

On 04/08/2020 23:50, Jon Pruente wrote: > On Tue, Aug 4, 2020 at 11:34 AM <centos at niob.at> wrote: > >> Q5) If the answer to the last question is "no": shouldn't there be such >> a resource? >> > CentOS doesn't publish security errata. If you need it then you should > either buy RHEL, or deal with putting together your own set up with >

Dear List, I have spent some time playing around with oscap and the RHEL OVAL feed (https://www.redhat.com/security/data/oval/v2/RHEL8/, also check Chapter 16 of the RHEL 8 Design Guide). Because I could not find an existing OVAL file for CentOS, I downloaded one of the RHEL8 files and managed to modify (eg. the rhel-8.1-e4s.oval.xml) it to make it work on a CentOS machine. Basically I just

Hello, I have noticed that pci-dss profile, ssg-centos7-xccdf.xml will always fail on test and remediation for disable_prelink rule. That seem to be caused by insufficient CentOS RPM customization of upstream code. Specifically this: https://github.com/OpenSCAP/scap-security-guide/blob/master/shared/oval/disable_prelink.xml#L24-L35

On 04/28/2015 02:30 PM, John R Pierce wrote: > On 4/28/2015 9:49 AM, bobby Orellano wrote: >> nowhere does it say that centos is approved for use in DoD. it is not on >> the APL, only RedHat and SuSE > > > DoD approval requires spending lots of money jumping through arbitrary > hoops. Do you wish to pay for this? > > skimming the requirements, it also requires

Hi all, Much like Ubuntu and Debian teams have OVAL content published for detecting vulnerabilities, are there plans of publishing such content? e.g. https://people.canonical.com/~ubuntu-security/oval/ On a related note, has anybody looked into using RHEL oval content on CentOS?

Hi, I would like to know if there is some feed for OVAL checks like in Redhat: https://www.redhat.com/security/data/oval/. Documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Practical_Examples.html#sect-Auditing_Security_Vulnerabilities_Example Other distributions have an oval feed: - Redhat:

Bill, Alberto, Gabor, Thank you for answering my question. Now I learned about outer() function. That was a straightforward example. But what if I had a matrix, where the last column was filled with values first (again, a for loop), and the rest was filled by using a double loop? OVal <- matrix(0, n+1, n+1) for(i in 0:n){ OVal[i+1, n+1] <- max(Val[i+1, n+1]-K, 0) } for(i in seq(n,1,

On 8/5/20 10:45 AM, centos at niob.at wrote: > On 05/08/2020 16:49, Johnny Hughes wrote: >> On 8/5/20 1:05 AM, centos at niob.at wrote: >>> On 04/08/2020 23:50, Jon Pruente wrote: >>>> On Tue, Aug 4, 2020 at 11:34 AM <centos at niob.at> wrote: >>>> >>>>> Q5) If the answer to the last question is "no": shouldn't there be

The commit commit 476e84e126171d809f9c0b5d97137f5055f95ca8 Author: Ben Skeggs <bskeggs at redhat.com> Date: Mon Feb 11 09:24:23 2013 +1000 drm/nv50-/disp: initial supervisor support for off-chip encoders changed the write mask in one of the interrupt functions for on-chip encoders, causing a regression in certain VGA dual-head setups. This commit reintroduces the mask

On 8/5/20 1:05 AM, centos at niob.at wrote: > On 04/08/2020 23:50, Jon Pruente wrote: >> On Tue, Aug 4, 2020 at 11:34 AM <centos at niob.at> wrote: >> >>> Q5) If the answer to the last question is "no": shouldn't there be such >>> a resource? >>> >> CentOS doesn't publish security errata. If you need it then you should

Hi CentOS experts,* Short Version* I would like to produce a weekly report in HTML for each CentOS 5.x server we have indicating configuration compliance with some industry benchmark. I am looking for a tool or tools to implement this, I am happy to use 3rd party proprietary stuff if necessary. * Long(er) Version* Current Situation.. I have a client with many (200x) CentOS 5.x servers

On 03/03/2016 02:58 PM, Mark Milhollan wrote: > On Wed, 2 Mar 2016, Johnny Hughes wrote: >> On 03/02/2016 10:42 AM, Mark Milhollan wrote: > >>> I wish --security was functional > >>> I hope that the lack is not due to >>> the assumed use resulting in it being ignored. >> >> That is not the reason, > >> We do not have enough space

hi: where would I find facilities to draw circles, ovals, and semicircles? (or should I construct them myself using curve?) regards, /ivo

Hello everyone. I just started learning R for clustering analysis in my research project. I tried k-means method and PAM method, both of which were properly processed with my data. I have some questions about PAM graphical output. Suppose to do the commands shown below; pm<-pam(D, 6) plot(pm) I got two charts after prompted. In the first chart, 6 oval clusters are drawn together

On 01/06/2015 04:25 AM, Liam O'Toole wrote: > On 2015-01-06, Somers-Harris, David | David | OPS > <david.somers-harris at mail.rakuten.com> wrote: >>> 1. Blatant screen scraping is a violation of the terms of service >>> for RHN .. so where is a SOURCE of information for something like >>> this: >>> >>>

Hi all. I am curious if anyone has experience using the OVAL tests for CVEs provided by Red Hat (https://www.redhat.com/security/data/metrics/) for CentOS 7. I was able to get the tests working for the non modified packages provided by RHEL but not the packages modified by CentOS. I believe this is because CentOS 7 no longer has minor versions (PACKAGE.VERSION.el7.*.rpm) whereas RHEL does

I have a clean install, fully updated CentOS 6 32-bit. When I run the Red Hat detection script: https://access.redhat.com/sites/default/files/spectre-meltdown--a79614b.sh it finds that the system is vulnerable. Is this false positive or there is no patches for CentOS 6 32-bit systems? Thank you, -- Peter

On 04/28/2015 06:05 PM, Akemi Yagi wrote: > On Tue, Apr 28, 2015 at 3:10 PM, Johnny Hughes <johnny at centos.org> wrote: > >> CentOS is not approved for DOD use. In fact, CentOS is not now, nor has >> it ever been *certified* for anything. Certifications require people to >> PAY to certify a product. >> >> Specifically, EAL4 Certification, a requirement