CentOS 7 and PCI DSS compliance

Support for security such as Firewalls and securing linux
Post Reply
alex19damian
Posts: 2
Joined: 2021/02/17 17:20:06

CentOS 7 and PCI DSS compliance

Post by alex19damian » 2021/02/17 17:52:45

Hi, I've been hanging around the web for a while to solve the Centos 7 pci-dss compliance scan, but I've been able to:

- Find a dictionary and cpe to use ssg-rhel7-ds.xml as mentioned here for Centos 6

- A working ssg-centos7-ds.xml, this because it is no longer in the oscap-security-guide package. I was also unsuccessful compiling with .

Code: Select all

/build_product --derivatives rhel7
as noted here .

With the latter I get multiple failures for the rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date as seen in the image https://ibb.co/gyds1HJ .

The command used for this was:

Code: Select all

oscap xccdf eval --fetch-remote-resources --rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date --results /opt/openscap/scanRule.xml --report /opt/openscap/scanRule.html / root /content/build/ssg-centos7-ds.xml

sml
Posts: 305
Joined: 2020/01/17 09:01:44

Re: CentOS 7 and PCI DSS compliance

Post by sml » 2021/02/17 20:04:33

alex19damian wrote:
2021/02/17 17:52:45
I was also unsuccessful compiling
Have you tried their COPR repository openscapmaint/openscap-latest?

alex19damian
Posts: 2
Joined: 2021/02/17 17:20:06

Re: CentOS 7 and PCI DSS compliance

Post by alex19damian » 2021/02/17 21:56:39

sml wrote:
2021/02/17 20:04:33
alex19damian wrote:
2021/02/17 17:52:45
I was also unsuccessful compiling
Have you tried their COPR repository openscapmaint/openscap-latest?
Great, using this repository I found the template.
Now it remains to debug the repeatedly failed rule for updates as seen in this image https://ibb.co/pbHdb3T

Thanks so much for the reply.

Post Reply