OSCAP scan false positives


Post by mm7 » 2020/07/02 13:02:25

Hi,
I've installed openscap:

# rpm -qa openscap\*
openscap-devel-1.3.3-1.el8.x86_64
openscap-engine-sce-1.3.3-1.el8.x86_64
openscap-scanner-1.3.3-1.el8.x86_64
openscap-utils-1.3.3-1.el8.x86_64
openscap-1.3.3-1.el8.x86_64
scap-security-guide-0.1.50-2.el8.noarch

from Repository : copr:copr.fedorainfracloud.org:openscapmaint:openscap-latest

I ran:
/bin/oscap xccdf eval --profile standard --oval-results --report /var/www/html/oscap/oscap-sce1.html --results /var/oscap/results/res-sce1.xml --fetch-remote-resources /usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml

In the report I have 280 failures like:
Ensure Software Patches Installed (oval:com.redhat.rhsa:def:20202774)
Ensure Software Patches Installed (oval:com.redhat.rhsa:def:20202755)
... etc

In each of them there are a couple of messages like:

nghttp2 is earlier than 0:1.33.0-3.el8_2.1 oval:com.redhat.rhsa:tst:20202755005 false
No items have been found conforming to the following objects:
Object oval:com.redhat.rhsa:obj:20192692003 of type rpminfo_object
Name
nghttp2

But I do not have nghttp2 installed. Why does this appear as a failure?

Also, there is an "Ensure Red Hat GPG Key Installed" failure.

There were no such issues with scans for CentOS 7.

How can I fix this?
