[Open-scap] Integrated CPE dictionary
Martin Preisler
mpreisle at redhat.com
Tue Nov 27 12:54:48 UTC 2012
Hi,
to improve usability we have added a small CPE dictionary that will ship with openscap releases in the future. The dictionary's purpose is to contain common platforms as well as their respective OVAL checks for applicability. It is loaded and registered every single time an XCCDF file is set up for evaluation. Default names and checks can be overridden with custom CPE files supplied via command line tools or in a datastream.
So far we have RHEL5, RHEL6, Fedora 16 and Fedora 17 in the dictionary. We plan to continuously add new RHEL and Fedora releases and maintain their OVAL checks. Community contributions adding other platforms are welcome but the platforms have to be of notable significance to avoid overcrowding the file. All of the default CPE files can be seen at http://git.fedorahosted.org/cgit/openscap.git/tree/cpe
Content creators should note that this doesn't free them from the responsibility of shipping CPE dictionaries. Relying on openscap integrated CPE dictionary makes their content potentially unportable.
--
Martin Preisler
More information about the Open-scap-list
mailing list