8.7. Practical Examples


This section demonstrates practical usage of certain security content provided for Red Hat products.

8.7.1. Auditing Security Vulnerabilities of Red Hat Products

Red Hat continuously provides OVAL definitions for their products. These definitions allow for fully automated audit of vulnerabilities in the installed software. To find out more information about this project, see http://www.redhat.com/security/data/metrics/. To download these definitions, run the following command:
~]$ wget http://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml
The users of Red Hat Satellite 5 may find useful the XCCDF part of the patch definitions. To download these definitions, run the following command:
~]$ wget http://www.redhat.com/security/data/metrics/com.redhat.rhsa-all.xccdf.xml
To audit security vulnerabilities for the software installed on the system, run the following command:
~]$ oscap oval eval --results rhsa-results-oval.xml --report oval-report.html com.redhat.rhsa-all.xml
The oscap utility maps Red Hat Security Advisories to CVE identifiers that are linked to the National Vulnerability Database and reports which security advisories are not applied.

Note

Note that these OVAL definitions are designed to only cover software and updates released by Red Hat. You need to provide additional definitions in order to detect the patch status of third-party software.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.