Support Red Hat OVAL v2

[kotakanbe]

https://www.redhat.com/security/data/oval/v2/

[maxenced]

Hi, almost a year after, do you have any news on this ? We're seeing more and more false positive on our RH EUS.

[kotakanbe]

Yes, we've been thinking about tackling this problem. But it's a pretty heavy issue, so it will take a month or two.

[maxenced]

Cool ! Thanks for your hard work, happy to help/test when needed.

[MaineK00n]

@maxenced

Hi, I'm @MaineK00n. I'm sorry for the delay, but I'm working on #130 to support RHEL OVALv2.

Currently, the PR goval-dictionary uses OVALv2 for OVALs other than RHEL5. It also supports OVALs provided by OVALv2 for EUS/AUS/TUS/E4S environments.Also, select -by-cveid and select -by-package can be searched from EUS OVAL. See #130 for details, or check out my branch (MaineK00n:support-rhel-ovalv2) and try it out.

We're seeing more and more false positives on our RH EUS.

By the way, can you tell me in what environment you're seeing these false positives?

[maxenced]

One of the servers is :

cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.2 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.2"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.2 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8.2:GA"
HOME_URL="https://www.redhat.com/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.2
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.2"

and

yum repolist enabled |grep rhel
codeready-builder-for-rhel-8-x86_64-rpms Red Hat CodeReady Linux Builder for RHEL 8 x86_64 (RPMs)
rhel-8-for-x86_64-appstream-eus-rpms     Red Hat Enterprise Linux 8 for x86_64 - AppStream - Extended Update Support (RPMs)
rhel-8-for-x86_64-baseos-eus-rpms        Red Hat Enterprise Linux 8 for x86_64 - BaseOS - Extended Update Support (RPMs)
``

[shino]

This issue was closed because it has been inactive.