Re: [atomic-devel] No Openscap for Fedora Atomic?
- From: Brent Baude <bbaude redhat com>
- To: Micah Abbott <miabbott redhat com>, Josh Berkus <jberkus redhat com>, atomic-devel <atomic-devel projectatomic io>
- Subject: Re: [atomic-devel] No Openscap for Fedora Atomic?
- Date: Tue, 28 Jun 2016 09:11:15 -0500
On Tue, 2016-06-28 at 09:41 -0400, Micah Abbott wrote:
> On 06/27/2016 06:32 PM, Josh Berkus wrote:
> > Folks,
> >
> > Unlike RHEL and CentOS, Fedora Atomic seems to be missing the Openscap
> > service required to run atomic scan. What's involved in getting this
> > added in?
> >
>
> I don't believe OpenSCAP is included in either RHEL or CentOS AH (see
> below).
>
> I believe the way to get started with OpenSCAP is with a container:
>
> https://hub.docker.com/r/openscap/openscap-daemon-f23/
>
>
> This is the prescribed method for the RHEL AH hosts, combined with
> 'atomic scan':
>
> https://access.redhat.com/errata/RHEA-2016:1327
>
>
> -Micah
>
>
> -bash-4.2# rpm-ostree status
> TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
> * 2016-04-04 21:25:34 7.20160404 e39c28570a centos-atomic-host centos-atomic-host:centos-atomic-host/7/x86_64/standard
>
> GPG: Found 1 signature on the booted deployment (*):
>
> Signature made Mon 04 Apr 2016 09:33:10 PM UTC using RSA key ID F17E745691BA8335
> Good signature from "CentOS Atomic SIG <security centos org>"
> -bash-4.2# rpm -qa | grep openscap
> -bash-4.2#
>
>
> -bash-4.2# rpm-ostree status
> TIMESTAMP (UTC) VERSION ID OSNAME REFSPEC
> * 2016-06-06 18:12:07 7.2.5 4bf265cf86 rhel-atomic-host rhel-atomic-host-ostree:rhel-atomic-host/7/x86_64/standard
> -bash-4.2# rpm -qa | grep openscap
> -bash-4.2#
>
Josh,
I have a Fedora version of the openscap image on docker.io. It is
docker.io/fedora/atomic_scan_openscap. This will allow you to scan
RHEL content on Fedora.
However, remember, only RHEL provides the openscap CVE input data so
while you can run this on Fedora or CentOS, you will still only be able
to scan RHEL-based images.