How to find out which OSCAP rule exactly failed when rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date fails

Solution Unverified - Updated -

Issue

  • The system is up-to-date, but when executing the xccdf_org.ssgproject.content_rule_security_patches_up_to_date rule on a system, failure is reported anyway

    # oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_pci-dss --rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 ... ok
Title   Ensure Software Patches Installed
Rule    xccdf_org.ssgproject.content_rule_security_patches_up_to_date
Ident   CCE-26895-3
Result  fail

Environment

  • Red Hat Enterprise Linux 7
    • scap-security-guide

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content