How to find out which OSCAP rule exactly failed when rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date fails
Issue
-
The system is up-to-date, but when executing the
xccdf_org.ssgproject.content_rule_security_patches_up_to_date
rule on a system, failure is reported anyway# oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_pci-dss --rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml Downloading: https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml.bz2 ... ok Title Ensure Software Patches Installed Rule xccdf_org.ssgproject.content_rule_security_patches_up_to_date Ident CCE-26895-3 Result fail
Environment
- Red Hat Enterprise Linux 7
- scap-security-guide
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.