RHEL comes with a built in security/vulnerability scanner
Did you know RHEL comes with a built in security/vulnerability scanner? Here is the commands for RHEL7 as an example:
-
Install OpenSCAP :
yum install openscap openscap-scanner
-
Download the OpenSCAP datastream file :
wget -c https://www.redhat.com/security/data/metrics/ds/com.redhat.rhsa-RHEL7.ds.xml
-
Run OpenSCAP command to scan :
sudo oscap xccdf eval --results results.xml --report report.html com.redhat.rhsa-RHEL7.ds.xml
-
Review scanner report :
firefox report.html