[ubuntu-hardened] OVAL shows vulnerabilities when software is not installed
Jesus Linares
jesus at wazuh.com
Mon Oct 24 07:51:41 UTC 2016
Thanks!. I'm glad to help.
Regards.
On Mon, Oct 24, 2016 at 4:59 AM, Steve Beattie <sbeattie at ubuntu.com> wrote:
> On Thu, Oct 20, 2016 at 05:38:01PM +0200, Jesus Linares wrote:
> > you are right, if the test had "negate", it would be false. So, openscap
> > will not show it as a vulnerability. I do not understand why the py
> script
> > does not print the "negate" string.
> >
> > Also, why create a test that always return false?.
>
> This was due to a bug in the OVAL data generator script that caused
> negate attribute to never show up. Thanks to a suggested fix by David
> Ries, these should now be emitted properly.
>
> > is this list the proper site to talk about the oval files of Ubuntu?.
> > Right now, these oval files are totally useless due to this issue.
>
> Yes, this list is the proper place to discuss the OVAL files.
> Thanks for the interest in them.
>
> --
> Steve Beattie
> <sbeattie at ubuntu.com>
> http://NxNW.org/~steve/
>
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>
>
--
*Jesus Linares*
*IT Security Engineer*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20161024/eae15740/attachment.html>
More information about the ubuntu-hardened
mailing list