Is there a way to create a package to errata correlation?

I am analyzing a system remote to my satellite infrastructure with no internet access to the box itself. I need to come up (for regulatory reasons) with a list of security updates on that box.

Is there any way that I could take a list of packages with versions and come up with a list of RHEL errata? Something like a list of errata with the corresponding packages for each that I could use to correlate each package version with an RHxA identifier (if there is one), then sort and unique to get a list of errata effectively on that system.

Could I create such a list accessing the PULP database on Satellite (hammer command? python script? I'm open to methodologies).

Responses

If I understand correctly, you should be able to use OpenSCAP with the OVAL definitions from https://www.redhat.com/security/data/metrics/

Another way: if your Satellite has the latest packages, you can also just use its internal functionality: hammer host errata list --host host_name

Have you considered oscap/OVAL? It may fill in some of the information you need and can be run offline:
https://access.redhat.com/articles/221883

Red Hat oval files are here:
https://www.redhat.com/security/data/oval/
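
The offline correlation the replies point to, sketched as an added example (not part of the thread and not Red Hat's tooling): it reads the package tests from a Red Hat style OVAL file and marks each RHSA as missing or applied for a package list given as name to epoch:version-release. The OVAL snippet, advisory id and package versions are constructed, the version comparison is a simplified RPM comparison, and the criteria tree's AND/OR logic and OS-release tests are ignored, so feed it the OVAL file that matches the host's RHEL major version.

```python
import re
import xml.etree.ElementTree as ET

OVAL = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
NS = {"d": OVAL, "l": OVAL + "#linux"}

def rpmvercmp(a, b):  # simplified RPM segment compare; '~' and '^' not handled
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_lt(a, b):  # True if "epoch:version-release" a is older than b
    def split(evr):
        epoch, _, rest = evr.rpartition(":")
        return (int(epoch or 0), *rest.partition("-")[::2])
    (ea, va, ra), (eb, vb, rb) = split(a), split(b)
    return ea < eb if ea != eb else (rpmvercmp(va, vb) or rpmvercmp(ra, rb)) < 0

def correlate(oval_xml, installed):  # {name: evr} -> {RHSA id: "missing" | "applied"}
    root = ET.fromstring(oval_xml)
    by_id = {e.get("id"): e for e in root.iter() if e.get("id")}
    result = {}
    for d in root.iterfind(".//d:definition", NS):
        ref = d.find("d:metadata/d:reference[@source='RHSA']", NS)
        if ref is None:
            continue  # not a security advisory
        rhsa = ref.get("ref_id")
        for c in d.iterfind(".//d:criterion", NS):
            test = by_id[c.get("test_ref")]
            obj, st = test.find("l:object", NS), test.find("l:state", NS)
            if obj is None or st is None:
                continue  # not an rpminfo-style test
            name = by_id[obj.get("object_ref")].findtext("l:name", namespaces=NS)
            evr = by_id[st.get("state_ref")].find("l:evr[@operation='less than']", NS)
            if evr is not None and name in installed and result.get(rhsa) != "missing":
                result[rhsa] = "missing" if evr_lt(installed[name], evr.text) else "applied"
    return result

SAMPLE_OVAL = f"""<oval_definitions xmlns="{OVAL}" xmlns:l="{OVAL}#linux">
<definitions><definition id="d1"><metadata><reference source="RHSA" ref_id="RHSA-0000:0001"/>
</metadata><criteria><criterion test_ref="t1"/></criteria></definition></definitions>
<tests><l:rpminfo_test id="t1"><l:object object_ref="o1"/><l:state state_ref="s1"/></l:rpminfo_test></tests>
<objects><l:rpminfo_object id="o1"><l:name>openssl</l:name></l:rpminfo_object></objects>
<states><l:rpminfo_state id="s1"><l:evr operation="less than">1:1.1.1k-7.el8_6</l:evr></l:rpminfo_state>
</states></oval_definitions>"""  # constructed sample, not real advisory data
```

Here "applied" only means the installed package is not older than the fixed version the advisory names; packages absent from the host produce no entry.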
