The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
Oracle provides OVAL definitions for all errata on ULN. You can use these definitions to ensure that all applicable errata are installed on an Oracle Linux system. For example, Spacewalk allows you to schedule regular auditing scans.
The following OVAL definition files are available:
- com.oracle.elsa-cve.xml: OVAL definition file for a single ELSA security patch. For example, com.oracle.elsa-20150377.xml relates to ELSA-2015-0377.
- com.oracle.elsa-year.xml.bz2: Compressed archive of OVAL definition files for all ELSA patches released in a given year.
- com.oracle.elsa-all.xml.bz2: Compressed archive of all applicable OVAL definition files for all available ELSA patches.
To download an OVAL definitions file and perform an audit on a system:
Use wget or a similar command to download a definitions file from https://linux.oracle.com/security, for example:
    # wget https://linux.oracle.com/security/oval/com.oracle.elsa-2017.xml.bz2
If the definitions file is a compressed bz2 archive, use bzip2 to extract the OVAL definitions file:
    # bzip2 -d com.oracle.elsa-2017.xml.bz2
Use oscap oval eval to audit a system using an OVAL definitions file, for example:
    # oscap oval eval --results /tmp/elsa-results-oval.xml \
      --report /var/www/html/elsa-report-oval.html \
      /tmp/com.oracle.elsa-2017.xml
    Definition oval:com.oracle.elsa:def:20173580: false
    Definition oval:com.oracle.elsa:def:20173579: true
    Definition oval:com.oracle.elsa:def:20173576: false
    Definition oval:com.oracle.elsa:def:20173575: false
    Definition oval:com.oracle.elsa:def:20173574: true
    Definition oval:com.oracle.elsa:def:20173567: false
    Definition oval:com.oracle.elsa:def:20173566: false
    Definition oval:com.oracle.elsa:def:20173565: true
    Definition oval:com.oracle.elsa:def:20173539: true
    Definition oval:com.oracle.elsa:def:20173538: false
    Definition oval:com.oracle.elsa:def:20173537: false
    Definition oval:com.oracle.elsa:def:20173535: false
    ...
    Evaluation done.
This example scan uses the OVAL definitions in com.oracle.elsa-2017.xml and outputs the XML results and HTML report files to /tmp and /var/www/html respectively. A result of true for a patch means that it has not been applied to a system; a result of false means that it has been applied.
If you generate an XML results file but not the HTML report, you can use oscap oval generate report to convert the results file to an HTML report, for example:
    # oscap oval generate report /tmp/elsa-results-oval.xml \
      > /var/www/html/elsa-report-oval.html
You can view the HTML report in a browser as shown in Figure 6.3.
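As an added example (not part of Oracle's documentation or tooling), the following shell functions triage the text that oscap oval eval prints: they list the errata that evaluated to true as ELSA IDs and flag results that are neither true nor false. The function names and the ID mapping (definition number = four-digit year followed by the advisory number, as in com.oracle.elsa-20150377.xml) are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): triage `oscap oval eval` stdout.

# Print an ELSA ID for every definition that evaluated to "true",
# i.e. an erratum that is NOT installed on the scanned system.
# Assumption: the definition number is <4-digit year><advisory number>,
# mirroring com.oracle.elsa-20150377.xml -> ELSA-2015-0377.
missing_errata() {
    sed -n 's/^Definition oval:com\.oracle\.elsa:def:\([0-9]\{4\}\)\([0-9][0-9]*\): true[[:space:]]*$/ELSA-\1-\2/p' | sort -u
}

# Print definitions whose result is neither true nor false (OVAL also
# allows error, unknown, not evaluated, not applicable). These are not
# proof that a patch is present, so surface them instead of ignoring them.
inconclusive_defs() {
    grep '^Definition oval:' | grep -Ev ': (true|false)[[:space:]]*$'
}

# audit_status FILE: 0 = every definition false, 1 = errata missing,
# 2 = at least one inconclusive result (takes precedence).
audit_status() {
    if [ -n "$(inconclusive_defs < "$1")" ]; then return 2; fi
    if [ -n "$(missing_errata < "$1")" ]; then return 1; fi
    return 0
}

# Constructed sample: the first four lines are taken from the output shown
# above; the last (placeholder ID 20179999) is invented for illustration.
sample_output() {
    cat <<'EOF'
Definition oval:com.oracle.elsa:def:20173580: false
Definition oval:com.oracle.elsa:def:20173579: true
Definition oval:com.oracle.elsa:def:20173576: false
Definition oval:com.oracle.elsa:def:20173574: true
Definition oval:com.oracle.elsa:def:20179999: error
Evaluation done.
EOF
}

# Run with --demo to see both lists for the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample_output | missing_errata
    sample_output | inconclusive_defs
fi
```

To use it on a real scan, save the command's standard output to a file and pass that file to audit_status; a non-zero status can then fail a scheduled audit job.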