Func question

Question

Func question

Sirdorblu opened this issue a year ago · comments

Is there a func to scan a one file or it will be? like:
oscap oval eval --report vulnerability.html rhel-8.oval.xml test.0:12.0-1.rpm

Evgeny Kolesnikov · Answer 1 · Tue Jul 11 2023 19:49:20 GMT+0800 (China Standard Time)

There is an option to validate a single OVAL definition from a Data Stream, like oscap oval eval --id oval:ssg-installed_OS_is_fedora:def:1 ssg-fedora-ds.xml. That's pretty much how selective OVAL standard could be.

Evgeny Kolesnikov · Answer 2 · Tue Jul 11 2023 19:51:56 GMT+0800 (China Standard Time)

If your Data Stream (rhel-8.oval.xml) has a test definition for each file (package), then it is probably what you're looking for.

Sirdorblu · Answer 3 · Tue Jul 11 2023 19:57:16 GMT+0800 (China Standard Time)

There is an option to validate a single OVAL definition from a Data Stream, like oscap oval eval --id oval:ssg-installed_OS_is_fedora:def:1 ssg-fedora-ds.xml. That's pretty much how selective OVAL standard could be.

but its for installed pkgs, if i have a list of noninstalled pkgs?

Evgeny Kolesnikov · Answer 4 · Tue Jul 11 2023 20:17:06 GMT+0800 (China Standard Time)

OVAL rpm* probes can only operate on installed packages. That won't change (it is standardized behaviour).