[ubuntu-hardened] OVAL show tons of Unknown and Vulnerable installed packages
sbeattie at ubuntu.com
Fri May 19 18:49:12 UTC 2017
On Mon, May 15, 2017 at 04:04:14PM +0200, Johan Ryberg wrote:
> I'm running fully patched Ubuntu 16.04 servers and I'm about to
> validate Open SCAP but I'm not getting trustworthy results.
> I'm using the latest
> https://people.canonical.com/~ubuntu-security/oval/ and are using
> correct file.
> Thousands of packages that are not installed are shown as Unknown or Vulnerable
> Is there any known issues with the xml?
We're probably doing something incorrectly in how we generate the OVAL
Can you give an example of how you're invoking Open SCAP?
<sbeattie at ubuntu.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the ubuntu-hardened